The password reset disk contains sensitive information. Others may use the
password reset disk to gain access to your computer. It is important to
store this disk in a safe location.
Do not keep the disk where others can find and use it.
If you are worried that you cannot keep such a disk from users, don't create
it. As for the workplace, a machine that is joined to the domain, Domain
Admins are added to the clients local Admin group to have access thus you
would be able to reset passwords from a domain level.
As for policies, you can push GP's down even if the client is set to block
inheritance.
The password reset disk is not a security problem. Do not give users access
to the diskette.
Hope this helps!The password reset disk contains sensitive information.
Others may use the password reset disk to gain access to your computer. It
is important to store this disk in a safe location.
Do not keep the disk where others can find and use it.
If you are worried that you cannot keep such a disk from users, don't create
it. As for the workplace, a machine that is joined to the domain, Domain
Admins are added to the clients local Admin group to have access thus you
would be able to reset passwords from a domain level on the local machine if
needed.
As for policies, you can push GP's down even if the client is set to block
inheritance.
The password reset disk is not a security problem. Do not give users access
to the diskette.
Hope this helps!
--
Darren Hook
(e-mail address removed)
Microsoft PSS
Please do not send email directly to this alias. This alias is for
newsgroup purposes only.
This posting is provided "AS IS" with no warranties, and confers no rights.
