|
Posted by =?Utf-8?B?VGVycnkgQ2FsZWI=?= on December 28, 2007, 3:12 pm
If you were Registered and logged in, you could reply and use other advanced thread options
default, if they knew the correct bit to change and the correct process. This
just stops the "Not so nerdy" admins......
I will post the hack in a little while, I need to check something.
Terry
"Shenan Stanley" wrote:
> Terry Caleb wrote:
> > I used to be able to do this on Windows2000, but do not find the
> > registry settings or the offsets for Windows2003. What I would
> > like to do is be able to set a password on an account, and to not
> > allow anyone at all, including other administrators, to be able
> > to change the password or the account name. I have searched
> > through pages upon pages of articles, but have not found
> > anything. Is this still possible?
>
> Shenan Stanley wrote:
> > Still?
> >
> > I am pretty sure you could not do that in Windows 2000 either. If
> > someone is an administrator, they can do whatever they want to
> > anything on the machine *except* mess with encrypted files (at
> > least not get into them without the backed-up certificate from the
> > account that encrypted them, etc.)
>
> Terry Caleb wrote:
> > I have written down a registry hack that I used to use to change a
> > bit in the registry that would not allow ANYONE to change the
> > password (I think also change the username also, but I never tried
> > it.) of a user, regardless of their credentials. That included
> > Domain Admins and everything.
>
> So don't be shy - post it.
>
> I assure you, however - if you can do it as an administrator - anyone with
> administrative rights on the same computer can get around it/undo it. If
> they have administrative rights on the computer - other than encryption -
> you cannot do much to control what they can/cannot do on the computer.
>
> --
> Shenan Stanley
> MS-MVP
> --
> How To Ask Questions The Smart Way
> http://www.catb.org/~esr/faqs/smart-questions.html
>
>
>
| 
XML site map