Hello.
I have an issue, where I want to prevent domain users with administrative rights from modifying the password of the local administrator account on their respective computers. Any way of implementing this?
Ritesh_4 71 Posting Pro
rproffitt 2,662 "Nothing to see here." Moderator
I think this is nearly impossible. I had an IT staffer that wanted to do this and told them it wasn't possible today. Why? Tools like NTPASSWD make resetting the local admin a snap. Yes it got a little harder with the new BIOS (EFI) but not a big hurdle.
All this has us recalling what a PC is. It's a personal computer and not a terminal. If you need to get absolute control you may have to look at thin clients and such.
Ritesh_4 commented: Thanks for the info +6
sam07 -5 Newbie Poster
Hi there, you may try this, You can remove the domain users from local administrator group. To do so, use this
[Computer Configuration\Windows Settings\Security Settings\Restricted Groups]
and you can visit this for more info. . .technet.microsoft.com/en-us/library/cc785631(WS.10).aspx
rproffitt commented: Check the question again. This won't stop local password changes. +0
Be a part of the DaniWeb community
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.