Do I need a Local admin account?

H

hwbuerger

I plan to have no local account on a Windows XP prof. PC with admin rights.
(Administrator Account disabled)
For admin rights on the PC's, I plan to add a Domain account to the local
administration group.
How I insure, that I can login in with admin rights any time even when the
PC is not connected to the Domain? Is there a need for a local account with
admin rights?
Thanks, HW
 
B

Bruce Chambers

hwbuerger said:
I plan to have no local account on a Windows XP prof. PC with admin rights.
(Administrator Account disabled)
Click to expand...

Very unwise. What are you trying to accomplish, beyond making many
useful diagnostic and repair techniques useless?

For admin rights on the PC's, I plan to add a Domain account to the local
administration group.
Click to expand...

That's normal for a domain environment.

How I insure, that I can login in with admin rights any time even when the
PC is not connected to the Domain?
Click to expand...

Only by having a local account with administrative privileges.
Is there a need for a local account with
admin rights?
Click to expand...


Yes, of course there needs to be a local admin account. The standard
security practice is to rename the built-in Administrator account, set a
strong password on it, and use it only to create another accounts for
regular use, reserving the Administrator account as a "back door" in
case something corrupts your regular account(s).


--

Bruce Chambers

Help us help you:


http://support.microsoft.com/default.aspx/kb/555375

They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. ~Benjamin Franklin

Many people would rather die than think; in fact, most do. ~Bertrand Russell

The philosopher has never killed any priests, whereas the priest has
killed a great many philosophers.
~ Denis Diderot
 
A

Anteaus

You would only be able to login with domain admin credentials if that
account had logged-in previously, and the credentials had been cached. Which
is basically an unwise assumption to make.

So, yes you need a local account.

Besides, logging-in to a client computer as domain admin is not a good
policy, as it exposes the server(s) to any malware running on the client.
Remember that the domain admin account has unlimited power to modify settings
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

can not add myself into the local admin group. But am the Domain A 1
Local admin rights 1
Adding a group to local admin group 4
Rename or Not to rename the Local Admin username...... 2
Group policy 1
WinXP admin rights 1
No Admin Access 3
Windows 7 Post Recovery Issues 4

Top