Temporary Admin rights on "Offline" WinXP Clients

[Guest]

Hi,

We have a lot of remote users who never connects to our network.
Because the management have made the decision not to give users
administrative rights on the pc's, we need some kind of a program that we can
install on every pc, which generate a new password every day which is the
same on every pc. This password should be assigned to the local administrator.

Does anyone have experience with this?

Best regards,
Kenneth

 

[Ondrej Sevecek]

this would be absolutely unefficient and even not more secure.
Everybody can reset local admin password with utilities such as LockSmith
from ERD commander or "Offline nt password and registry editor" in a time
frame of a minute. So with your choice, you are not preventing users from
anything. They can reset the password and disable your pwdchange utility.

I would prefer to have the admin account with a highly secure password
preset and the account itself renamed. And also a written policy with
penalties to those who use their admin accounts (use logging and also you
can detect the change when the password has been changed, admin's profile is
present).


O.

 

[Guest]

You certainly don't want remote users with administrative passwords roaming

 

[Lanwench [MVP - Exchange]]

In

Hi,

We have a lot of remote users who never connects to our network.
Because the management have made the decision not to give users
administrative rights on the pc's, we need some kind of a program
that we can install on every pc, which generate a new password every
day which is the same on every pc. This password should be assigned
to the local administrator.

Does anyone have experience with this?

Best regards,
Kenneth

I've re-read this several times and am still not sure what your actual goal
is.....