Skip navigation
Menu
Compute Engines

JSI Tip 4188. How do I prevent ordinary users from creating user accounts on their Windows 2000 Professional computer?


An ordinary user of a Windows 2000 Professional computer can use My Computer / Manage / Local Users and Groups / New User to add a local new user to their computer.

In a company environment, this is NOT desirable.

To prevent this ability:

1. Log on locally as a member of the Administrators group.

2. Open a CMD prompt and type:

        net localgroup users "NT AUTHORITY\INTERACTIVE" /DELETE

NOTE: You can create a batch that contains this command and use PsExec:

PsExec \\RemoteComputer -u DomainAdminAccount -p DomainAdminPassword \\ServerName\ShareName\BatchName.

NOTE: To do this on all the workstations in your Windows 2000 domain, use the following batch file:

@echo off
setlocal
For /f "Skip=1 Tokens=1" %%i in ('netdom query /domain WORKSTATION') do call :computer "%%i" 
endlocal
goto :EOF
:computer
set machine=%1
set machine=%machine:"=%
if "%machine%" EQU "The" goto :EOF
if "%machine%" EQU "Directory" goto :EOF
PsExec \\%machine% -u DomainAdminAccount -p DomainAdminPassword \\ServerName\ShareName\BatchName


Hide comments

More information about text formats

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish
Recommended Reading
RBC royal bank of canada logo on building
A Look at Royal Bank of Canada's Homegrown GPU Farm
Sep 10, 2020
quantum computing qubits
An Enterprise Guide to Quantum Computing
Jan 22, 2020
supercomputing blue squares chip intelligence
2019 Brought Red Hat Enterprise Linux 8, k3s and HPC-in-a-Box
Dec 19, 2019
person uses tablet to get support help
A Guide to Open Source Support Providers
Dec 13, 2019