Admin members and passwords

  • Thread starter Thread starter Liam
  • Start date Start date
L

Liam

Is it possible to prevent other members of domain admins
from changing your own user account password.

I'm a domain admin user but need to be able to restrict
other domian admin users from accessing my account. is
there an option in account options..?

Can you hide a user account....I don't think so but
thought I'd ask anyway.

any ideas would be appreciated.
 
Ultimately you can not do that. You can however enable auditing of account management
on Domain Controller Security Policy and password resets will show up in the security
log unless the log was erased which would in itself leave an event. Otherwise you can
try this. Go to your user account in AD Users and Computers and in your account
properties/security either add yourself as full control and remove all other
administrators groups or to be more subtle, just scroll down the list of permissions
and apply "deny" for reset password to the administrators group. Now this will also
prevent your from resetting your password, though you can still change it via normal
ways or remove the deny permission if you do need to reset it. The face that the
reset permission is no immediately available until you scroll down the list may leave
some of them scratching their heads assuming they know where to look in the first
place. --- Steve
 
AdminSDHolder functionality will prevent this from working. He will set it and
within an hour sdprop will come along and "fix" it.

The answer to this is no. If you can't trust your admins, they shouldn't be admins.
 
Thanks Joe. I was not aware of that. --- Steve


Joe Richards said:
AdminSDHolder functionality will prevent this from working. He will set it and
within an hour sdprop will come along and "fix" it.

The answer to this is no. If you can't trust your admins, they shouldn't be admins.
Click to expand...
 
Back
Top