Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations IamaSherpa on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

how do I lock everyone including the administrator out of my machine? 2

Status
Not open for further replies.

duff64

MIS
Jun 11, 1999
8
US
I want to lock everyone out of my machine, do I simply need to put a password on the administrator account? Anfd how can I keep others from mapping to my machine?<br>
<br>
Tahnks
 
There is no way to lockout the Administrator other than changing the password to something only you know. Are you working with the server or a workstation?
 
jsauce,<br>
<br>
I am working with workstation.
 
Admins can view/download files off of your hard drive, without you knowing it (over the network), as long as your PC is running. Changing the password won't stop them from doing this, though.<br>
<br>
Anyone know how to prevent this?<br>
<br>
Bob
 
As long as the machine is not participating in Domain Security and the local admin password is not the same as the admin's. or known to anyone else, and the shares, if any, are restricted, access will be denied. Windows NT Security is implicit denial therefor, unless the right is granted by domain security, access is governed by local accounts. So, make sure that it is a member of a domain but not participating in it's security, and make sure your local account passwords are secure and the local shares are secure.<br>

 
He's right local security is first, before network security. But I wonder if we are not helping someone who is trying to prevent a SYS ADMIN, who should have access to his system, now not have access. In any case there are reasons why there are Administrators and then just plain users. Let the administrators have their access, trying to remove it could cause more trouble than it is worth...just a tip.
 
I would agree, generally this is against a companies published security policy. If something happens to this person (dead, leave, etc.) then access to the base accounts becomes a hack instead of a simple login. In any rate, I would confer with your IT department in order to make the best decision on how to secure your local data. Besides, there is no way to absolutely keep someone out. There are methods of extracting passwords from NT without the end user's knowlege hence the info above is meant to keep the curious out, but ultimately cannot keep a serious admin out of the system (as it should be).
 
Sysadmin get particularly testy when you do lock them out, and promptly think you're doing something you shouldn't. this tends to tempt them into A.) having a word with your supervisor on your attempting to obstruct their job, or less pleasantly B.) hacking their way into your machine to see what you're not supposed to be doing.<br>
(I prefer b, as I can claim its a security test, and the offender was just randomly chosen...then changing the user's passwords so they HAVE to admit what they did)<br>
<br>
Oh, and if the local accounts are stored on a server, what would let a workstation modify their account?
 
pull the network cable out the back of your machine,& pull the keyboard out to. that should keep them off your pc for a bit :cool:
 
on nt workstation, one can block any remote access by stopping the server service (assumes one is not sharing drives or printers). You need admin access to do this. There are a few (very few) odd applications that require server service be running. Try it if you have local admin access.
 
I don't know about NT Workstation (not installed) but I hope someone will try this and let me know if it works. I've had a little fun denying admin access to a large branch of folders on my Win95 station. Use the command prompt to create a directory name consisting of the ASCII character 229. Then use SUBST Z: [char229] to give youself access from the desktop. Move all of your &quot;mission critical&quot; files to the Z: drive and ask the administrator if he can access the drive.<br>
Works on 95, probably because remote admin doesn't work very well. Someone let me know how it works on Workstation.<br>
<br>
Bored and restless in Ohio
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top