If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#1
|
|||
|
|||
Power users can see administrators?
If you want to hide your personal files (if your an adminsitrator), from
peeping eyes of any limited user/ power user, than open "My Computer." RIGHT CLICK on the administrative account and RIGHT CLICK the file. Click on the "sharing" tab and tick the "Make the folder private!" I HOPE THIS ANSWERS YOUR QUESTION! "Zhenxin Li" wrote: Hello, I notice that power users can browse who are administrator accounts by default. Is there a security policy option to disable this behavior? I need most of the power user's rights, but don't want this account knows anything about the higher level accounts. Best regards, Zhenxin Li |
Ads |
#2
|
|||
|
|||
Power users can see administrators?
Where is this happenening - on the local computer or in Active Directory?? --- Steve
"Zhenxin Li" wrote in message ... Hello, I notice that power users can browse who are administrator accounts by default. Is there a security policy option to disable this behavior? I need most of the power user's rights, but don't want this account knows anything about the higher level accounts. Best regards, Zhenxin Li |
#3
|
|||
|
|||
Power users can see administrators?
Hello,
I notice that power users can browse who are administrator accounts by default. Is there a security policy option to disable this behavior? I need most of the power user's rights, but don't want this account knows anything about the higher level accounts. Best regards, Zhenxin Li |
#4
|
|||
|
|||
Power users can see administrators?
Well that would be hard to do. Any user can run the command net localgroup administrators to see members of administrators group. What you must do is to make sure that the local administrators use strong passwords so that other users can not guess. You can use local Group Policy [gpedit.msc] or the Shared Computer Toolkit to try and restrict users from accessing Control Panel, the command prompt, net.exe, the registry, mmc snapins, etc. The Shared Computer Toolkit generally works better on non domain computers because local Group Policy applies to ALL local computer users including administrators unless you hack permissions to the \windows\system32\group policy\user folder which also cause the admis not to be able to manage local Group Policy. --- Steve
"Zhenxin Li" wrote in message ... In "Control Panel --- Administrative Tools --- Computer Management --- Local Users and Groups" console. "Steven L Umbach" wrote in message . .. Where is this happenening - on the local computer or in Active Directory?? --- Steve "Zhenxin Li" wrote in message ... Hello, I notice that power users can browse who are administrator accounts by default. Is there a security policy option to disable this behavior? I need most of the power user's rights, but don't want this account knows anything about the higher level accounts. Best regards, Zhenxin Li |
#5
|
|||
|
|||
Power users can see administrators?
That is why some admins rename the administrator account though that is only effective for some types of attacks because the built in administrator account is a well known SID that can not be changed. Properly configured firewalls will make sure that users on untrusted networks will not be able to enumerate users and groups. For high security within a network admins often can only logon via a smart card. --- Steve
"Zhenxin Li" wrote in message ... Hmmm, it's really stupid to expose the admin account name to the world. At least, there should be an option to protect the name. Thank you! "Steven L Umbach" wrote in message ... Well that would be hard to do. Any user can run the command net localgroup administrators to see members of administrators group. What you must do is to make sure that the local administrators use strong passwords so that other users can not guess. You can use local Group Policy [gpedit.msc] or the Shared Computer Toolkit to try and restrict users from accessing Control Panel, the command prompt, net.exe, the registry, mmc snapins, etc. The Shared Computer Toolkit generally works better on non domain computers because local Group Policy applies to ALL local computer users including administrators unless you hack permissions to the \windows\system32\group policy\user folder which also cause the admis not to be able to manage local Group Policy. --- Steve "Zhenxin Li" wrote in message ... In "Control Panel --- Administrative Tools --- Computer Management --- Local Users and Groups" console. "Steven L Umbach" wrote in message . .. Where is this happenening - on the local computer or in Active Directory?? --- Steve "Zhenxin Li" wrote in message ... Hello, I notice that power users can browse who are administrator accounts by default. Is there a security policy option to disable this behavior? I need most of the power user's rights, but don't want this account knows anything about the higher level accounts. Best regards, Zhenxin Li |
#6
|
|||
|
|||
Power users can see administrators?
In "Control Panel --- Administrative Tools --- Computer Management --- Local Users and Groups" console.
"Steven L Umbach" wrote in message . .. Where is this happenening - on the local computer or in Active Directory?? --- Steve "Zhenxin Li" wrote in message ... Hello, I notice that power users can browse who are administrator accounts by default. Is there a security policy option to disable this behavior? I need most of the power user's rights, but don't want this account knows anything about the higher level accounts. Best regards, Zhenxin Li |
#7
|
|||
|
|||
Power users can see administrators?
Thanks! But I think this is not my problem.
In "Control Panel --- Administrative Tools --- Computer Management --- Local Users and Groups" console, power users can see who are administrator accounts. I want to hide everything about the admin accounts to lower rights users, including the names of the admin accounts. "ETLCS" wrote in message ... If you want to hide your personal files (if your an adminsitrator), from peeping eyes of any limited user/ power user, than open "My Computer." RIGHT CLICK on the administrative account and RIGHT CLICK the file. Click on the "sharing" tab and tick the "Make the folder private!" I HOPE THIS ANSWERS YOUR QUESTION! "Zhenxin Li" wrote: Hello, I notice that power users can browse who are administrator accounts by default. Is there a security policy option to disable this behavior? I need most of the power user's rights, but don't want this account knows anything about the higher level accounts. Best regards, Zhenxin Li |
#8
|
|||
|
|||
Power users can see administrators?
Hmmm, it's really stupid to expose the admin account name to the world. At least, there should be an option to protect the name. Thank you!
"Steven L Umbach" wrote in message ... Well that would be hard to do. Any user can run the command net localgroup administrators to see members of administrators group. What you must do is to make sure that the local administrators use strong passwords so that other users can not guess. You can use local Group Policy [gpedit.msc] or the Shared Computer Toolkit to try and restrict users from accessing Control Panel, the command prompt, net.exe, the registry, mmc snapins, etc. The Shared Computer Toolkit generally works better on non domain computers because local Group Policy applies to ALL local computer users including administrators unless you hack permissions to the \windows\system32\group policy\user folder which also cause the admis not to be able to manage local Group Policy. --- Steve "Zhenxin Li" wrote in message ... In "Control Panel --- Administrative Tools --- Computer Management --- Local Users and Groups" console. "Steven L Umbach" wrote in message . .. Where is this happenening - on the local computer or in Active Directory?? --- Steve "Zhenxin Li" wrote in message ... Hello, I notice that power users can browse who are administrator accounts by default. Is there a security policy option to disable this behavior? I need most of the power user's rights, but don't want this account knows anything about the higher level accounts. Best regards, Zhenxin Li |
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Power Schemes and Multiple Users | Mike McCollister | Performance and Maintainance of XP | 5 | March 12th 06 11:55 PM |
What is origin of power options for new users on WinXP? | Pat Coghlan | General XP issues or comments | 3 | February 24th 06 04:36 PM |
Users set as Local Administrators group changes to "Debugger Users | Jason | Security and Administration with Windows XP | 2 | July 18th 05 08:58 PM |
Disable share button for power users and administrators | Alexandre | Security and Administration with Windows XP | 0 | January 3rd 05 05:03 PM |
Power User | Phil | Security and Administration with Windows XP | 7 | October 31st 04 03:44 PM |