Keeping Administrators from changing admin password

[CJCoates]

I have a Win2000 AD Domain. There are cases where the users on the PCs have
to be in the local administrators group. Is there a way, with group policy,
to keep someone in the local administrators group from changing the local
administrators password?

Thanks
ccoates

 

[Lanwench [MVP - Exchange]]

Not that I know of....what reason is there for the users to have local admin
rights?

 

[Bruce Chambers]

Greetings --

No. This is one of the reasons that normal domain users should
not be given local administrative privileges -- they don't know enough
about what they're doing, and they tend to abuse such privileges.


Bruce Chambers

--
Help us help you:



You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH

 

[Brian Desmond [MVP]]

Some of my machines have local admin rights for groups of users. I don't
expect that they'll go changing passwords, but, to be on the safe side, I
have a startup script configured with this in it:

net user administrator mypassword

Each time the computer reboots, the administrator account password is reset.

--
--
Brian Desmond
Windows Server MVP
(e-mail address removed)12.il.us

Http://www.briandesmond.com

 

[Eric Sabine]

But what do you do about laptop users or software developer users?

The laptop users need admin privs to be able to handle things on the road.
I wouldn't want one ranting at me on the phone while he's about to do a
presentation for a sale and somehting broke, but he isn't elevated enough to
fix it.

For SW developers, they are installing, modifying, using VMWare/MS Virtual
PC, etc. They need it too.

What are your thoughts here?

Eric