Re: Admin members and passwords

• Previous message: tthallah: "Re: Spyware I cannot remove."
• In reply to: Liam: "Admin members and passwords"
• Next in thread: Joe Richards [MVP]: "Re: Admin members and passwords"
• Reply: Joe Richards [MVP]: "Re: Admin members and passwords"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Fri, 25 Jun 2004 22:27:34 GMT

Ultimately you can not do that. You can however enable auditing of account management
on Domain Controller Security Policy and password resets will show up in the security
log unless the log was erased which would in itself leave an event. Otherwise you can
try this. Go to your user account in AD Users and Computers and in your account
properties/security either add yourself as full control and remove all other
administrators groups or to be more subtle, just scroll down the list of permissions
and apply "deny" for reset password to the administrators group. Now this will also
prevent your from resetting your password, though you can still change it via normal
ways or remove the deny permission if you do need to reset it. The face that the
reset permission is no immediately available until you scroll down the list may leave
some of them scratching their heads assuming they know where to look in the first
place. --- Steve

"Liam" <anonymous@discussions.microsoft.com> wrote in message
news:2136601c45af5$7dfbae30$a601280a@phx.gbl...
>
> Is it possible to prevent other members of domain admins
> from changing your own user account password.
>
> I'm a domain admin user but need to be able to restrict
> other domian admin users from accessing my account. is
> there an option in account options..?
>
> Can you hide a user account....I don't think so but
> thought I'd ask anyway.
>
> any ideas would be appreciated.

• Previous message: tthallah: "Re: Spyware I cannot remove."
• In reply to: Liam: "Admin members and passwords"
• Next in thread: Joe Richards [MVP]: "Re: Admin members and passwords"
• Reply: Joe Richards [MVP]: "Re: Admin members and passwords"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages RE: Password disappears ... account password will be reset to empty automatic. ... SBS infected by Trojan horse. ... Configure account lockout policy. ... (microsoft.public.windows.server.sbs) RE: Quick question on resetting computer accounts in AD ... and recreating the account. ... Is it okay to use the reset account function? ... SBS Server Management console does not have "Reset Account" command to ... In fact, the SBS Server Management console has already integrated ADUC, you ... (microsoft.public.windows.server.sbs) RE: Reset of local user password deleted compressed folders ... I suggest you search the hard disk to confirm if the files are deleted. ... For any of the following resolutions to work, the user's original account ... This password recovery disk must have ... Click "use your password reset disk". ... (microsoft.public.windowsxp.security_admin) RE: Single sign on ... How to authentificate an user via telephon? ... > Avatier has a product which would allow users to reset their own passwords ... >> for the person whose account is reset. ... >> would only be accessible by the person whose account is reset. ... (Security-Basics) Re: No access to encrypted files after Password change ... Yea Howard, you are quite right, that would make EFS ... That is expected when the pwd is reset rather than ... >>Change requires that you be logged in as the account ... >>> Microsoft says that once you encrypt ... (microsoft.public.windowsxp.security_admin)