Re: Impact of Disabling the Local Administrator Account
- From: "Thomas M." <NoEmailReplies@xxxxxxxxxx>
- Date: Thu, 6 Sep 2007 18:01:57 -0600
1) Good point about booting from a CD or in safe mode. I had not thought of
that, but it seems obvious in retrospect.
2) We do the vast majority of our software installations using Novell
ZENworks. I'm not sure what protocols it uses. We are moving more into
group policies, so there is a possibility of rolling out software that way
in the future.
3) We use our domain administrator accounts to add and remove machines from
the domain. As for the local login, we are considering having a special
domain account that will have administrator rights on all our machines, and
should be able to login with cached credentials when offline. At least,
that's the plan (We're having a meeting tomorrow to discuss the idea).
Right now, we really don't have any good reason to disable the local
Administrator account. I was just asking about it in order to gather
information on the pros and cons. Our current plan is to rename the local
Administrator account, randomize the password on each machine, and disable
the LAN Man hash in group policy. I was just thinking that we might bypass
all that and simply disable the account altogether. But for the time being
we'll probably just stick with our original plan.
--Tom
"Mathieu CHATEAU" <gollum123@xxxxxxx> wrote in message
news:e3x1W2K8HHA.2476@xxxxxxxxxxxxxxxxxxxxxxx
Hello,
1) yes but that may be workarounded by booting on a CD or in safe mode if
you know the password
2) is it SMS ? It's using a domain admin account or even local system
3) if the computer need to be put out of the domain and then back, you
will need this account.
You may have to give it to laptop user to install software while out of
office (depend of your security rules)
The key is, apart from finding this GPO, do you have reasons for doing it
?
--
Cordialement,
Mathieu CHATEAU
http://lordoftheping.blogspot.com
"Thomas M." <NoEmailReplies@xxxxxxxxxx> wrote in message
news:ex5y%23uK8HHA.5424@xxxxxxxxxxxxxxxxxxxxxxx
XP SP2
I'm really new to group policies and I have just noticed that the
"Administrator account status" policy appears to allow for the disabling
of the local Administrator account. I have three questions about this.
1) Am I correct that this policy allows the local Administrator account
to be disabled?
2) In our environment we do a lot of automated software distributions,
many of which are for software packages that require administrator rights
during the installation process. Our software distribution process runs
with administrator rights. Would disabling the local Administrator
account prevent some of our software distributions from running on
desktop machines?
3) What problems or issues should we expect if we disable the local
Administrator account?
Thanks for any help that you can offer.
--Tom
.
- Follow-Ups:
- Re: Impact of Disabling the Local Administrator Account
- From: Mathieu CHATEAU
- Re: Impact of Disabling the Local Administrator Account
- References:
- Impact of Disabling the Local Administrator Account
- From: Thomas M.
- Re: Impact of Disabling the Local Administrator Account
- From: Mathieu CHATEAU
- Impact of Disabling the Local Administrator Account
- Prev by Date: Re: Impact of Disabling the Local Administrator Account
- Next by Date: Re: Impact of Disabling the Local Administrator Account
- Previous by thread: Re: Impact of Disabling the Local Administrator Account
- Next by thread: Re: Impact of Disabling the Local Administrator Account
- Index(es):
Relevant Pages
|
