In Windows Server 2003, I need to prevent users who isn't belongs to Administrators group change my Administrator password. How to prevent this?

Question

I have Administrator account. There are some users belongs to Domain Users and Remote Desktop Users. I just want them logged in remotely, but cannot reset my Administrator. It is a security vulnerability for system administration. I have reviewed Group Policy again, but find nothing help me solve this. Anyone know the solution here?

What is the problem? password reset is an admin priviledge - so a non issue. OPAssword change requires knowing the old password, again a non issue. I dont udnerstand what exactly is the scenario you have a problem with. — TomTom, Nov 09 '10 at 08:07

score 1 · Answer 1 · answered Nov 09 '10 at 09:49

1

Domain Users are not member of Administrators group by default. Only users with Administrator permissions are able to change password of an Administrator account.

I don't see any issues in this. If you have Domain Users or Remote Desktop group in the Administrators group of your Windows Server 2003 machine only then they will be able to change password of an Administrator account.

answered Nov 09 '10 at 09:49

Vivek Kumbhar

3,063
1
17
13

Thanks, your reply is correct. I have configured successfully. – grabtasker Nov 11 '10 at 04:18
Please mark is as answer. Appreciate – Vivek Kumbhar Nov 11 '10 at 04:22

In Windows Server 2003, I need to prevent users who isn't belongs to Administrators group change my Administrator password. How to prevent this?

1 Answers1