How to stop users from changing password?

[waylman]

My father in law has an office with 16 machines. They are all connected through a hub...there is no servers/domain. Currently, each user logs in to their machine as a local admin but he does not want users to be able to change their own passwords. Is there a way to do this while preserving the profile they are currently using?

 

[FreshPrince]

Originally posted by: waylman
My father in law has an office with 16 machines. They are all connected through a hub...there is no servers/domain. Currently, each user logs in to their machine as a local admin but he does not want users to be able to change their own passwords. Is there a way to do this while preserving the profile they are currently using?

I don't get it..why doesn't he want them to change their own passwords? what would this accomplish? they all have local admin...

 

[RebateMonger]

In XP, anybody who's a Local Administrator can change their password on the Local computer. You can change the policy, but the user can just change it back.

 

[waylman]

they had a problem in the past where someone left the company and they did not know his password....there are obviously ways to get the data off of the HD in this situation, but he is not a techincal person at all. Also, he lives in LA and I'm in Vancouver so I can't be out there helping him out.

 

[FreshPrince]

Originally posted by: waylman
they had a problem in the past where someone left the company and they did not know his password....there are obviously ways to get the data off of the HD in this situation, but he is not a techincal person at all. Also, he lives in LA and I'm in Vancouver so I can't be out there helping him out.

ok, you need to burn him one of those password reset cd's

you can download them all over the internet...

pop the cd in, it boots up in linux, and you can blank out the password.

 

[RebateMonger]

Create a new account on each PC with Local Administrator priviliges. Set that password the same on all PCs. Set it as "non-expiring".

Now, you can always get into the Windows installation, make any required changes, and take ownership of any files on the computer.

It seems your Father-in-law should consider engaging a local IT consultant to help him set his security policies to avoid problems like this. There's no reason for most employees to be Local Administrators. It makes malware contamination much more likely and much more severe.

 

[JackMDS]

16 computers peer to peer.

May be it is time to consider SBS 2003.

History tells that it would be done at a certain point any way, usually after a disaster occurred first.

Therefore, it is smart to anticipate and avoid the disaster.:shocked:

:sun:

 

[mikeford]

Make him one of the password bypass CDs, sooner or later he is going to need it. Just reseting the passwords won't give access to any encrypted files the user has, bypass works fine when employees leave and "forget" to give passwords etc.

 

[blemoine]

waylman: Is this a law office we are talking about here? If so then you are fighting a losing battle.

 

[FreshPrince]

Originally posted by: blemoine
waylman: Is this a law office we are talking about here? If so then you are fighting a losing battle.

some will spend the dough to beef up their network...others won't want to spend more than $100 and expect you to work miracles...

 

[blemoine]

i guess i have only worked with "others". From my experience lawyers are just unecessarily stubborn when it comes to doing a job right. (as far as networks go) i have a client who is still running NT4 and refuses to replace the box because it still comes on in the morning.

 

[TheSophist]

Do what RebateMonger says.

1 - Create another administrator account.
2 - Login to the newly created administrator account, then create a limited user account.
3 - Copy the files from the user's administrator account into the limited account.
4 - Login to the newly created limited account and verify everything is working.
5 - Now log back into the administrator account and delete the old administrator account.

Also, you might want to try using group policies to lock up the control panel.


TheSophist

 

[Goosemaster]

Originally posted by: JackMDS
16 computers peer to peer.

May be it is time to consider SBS 2003.

History tells that it would be done at a certain point any way, usually after a disaster occurred first.

Therefore, it is smart to anticipate and avoid the disaster.:shocked:

:sun:

I agree 1 billion percent.