Re: Remove Administrator Account from Administrators Group
- From: "Mathieu CHATEAU" <gollum123@xxxxxxx>
- Date: Tue, 28 Aug 2007 20:00:08 +0200
Enjoy!
--
Cordialement,
Mathieu CHATEAU
http://lordoftheping.blogspot.com
"Thomas M." <NoEmailReplies@xxxxxxxxxx> wrote in message news:ubqqqxZ6HHA.3940@xxxxxxxxxxxxxxxxxxxxxxx
I configured our group policy as you suggested, and it worked perfectly. Thanks for the help!
--Tom
"Mathieu CHATEAU" <gollum123@xxxxxxx> wrote in message news:44AE3E8E-AF8B-41BC-B7E1-E9C3FE3B0C5E@xxxxxxxxxxxxxxxxHello,
yes, it's this policy
--
Cordialement,
Mathieu CHATEAU
http://lordoftheping.blogspot.com
"Thomas M." <NoEmailReplies@xxxxxxxxxx> wrote in message news:eBPZNeP6HHA.5160@xxxxxxxxxxxxxxxxxxxxxxxThanks for the reply. I have not tried what you suggest, but I thought that there might be a policy for it somewhere. I was just looking in the wrong place. It looks like what I need and I'll give it a try.
As for the LAN man hash, is this the policy that you are referring to:
Network security: Do not store LAN Manager hash value on next password change
--Tom
"Mathieu CHATEAU" <gollum123@xxxxxxx> wrote in message news:8A4B87C9-9310-42C1-900B-761548A7A750@xxxxxxxxxxxxxxxxHello,
have you tried the GPO:
Computer configuration
Security Settings
Local policies
Security Options
Accounts: Rename administrator account
Don't forget to disable Lan man hash, or it will be really easy to break it with rainbow table
--
Cordialement,
Mathieu CHATEAU
http://lordoftheping.blogspot.com
"Thomas M." <NoEmailReplies@xxxxxxxxxx> wrote in message news:u7zTcgM6HHA.3716@xxxxxxxxxxxxxxxxxxxxxxxWe are in the process of creating a group policy that will limit user rights on the desktop. A major element of our group policy is that it will push down the local Administrators group, which will contain a domain group for Network Administrators so that we will have administrator rights to all machines. Currently, the local Administrator account is a member of the Administrators group that is pushed down by the group policy. Our security officer would like us to either remove the local Administrator account from the group policy, or push it down under a different name. In other words, if you were to logon to a PC that gets the group policy, and check the local Administrators group, you would not see the local Administrator account listed as a member, but you might see an account called something like "SecureDesktop" that would be the local Administrator account under a different name.
Given that you can't manually remove the local Administrator account from the local Administrators group (you get a message akin to, "This action is not allowed for built-in accounts"), I would say that what our security officer is asking may not be possible. However, I am very new to group policies and thought that I should seek some expert advice on whether or not this can be achieved through a group policy.
Is there a way through a group policy to remove the local Administrator account from the local Administrators group, or to push it down under a different name?
--Tom
.
- References:
- Remove Administrator Account from Administrators Group
- From: Thomas M.
- Re: Remove Administrator Account from Administrators Group
- From: Mathieu CHATEAU
- Re: Remove Administrator Account from Administrators Group
- From: Thomas M.
- Re: Remove Administrator Account from Administrators Group
- From: Mathieu CHATEAU
- Re: Remove Administrator Account from Administrators Group
- From: Thomas M.
- Remove Administrator Account from Administrators Group
- Prev by Date: Re: Remove Administrator Account from Administrators Group
- Next by Date: Re: Remove Administrator Account from Administrators Group
- Previous by thread: Re: Remove Administrator Account from Administrators Group
- Next by thread: Re: Remove Administrator Account from Administrators Group
- Index(es):
Relevant Pages
|
