Menu
Compute Engines

JSI Tip 4188. How do I prevent ordinary users from creating user accounts on their Windows 2000 Professional computer?


An ordinary user of a Windows 2000 Professional computer can use My Computer / Manage / Local Users and Groups / New User to add a local new user to their computer.

In a company environment, this is NOT desirable.

To prevent this ability:

1. Log on locally as a member of the Administrators group.

2. Open a CMD prompt and type:

        net localgroup users "NT AUTHORITY\INTERACTIVE" /DELETE

NOTE: You can create a batch that contains this command and use PsExec:

PsExec \\RemoteComputer -u DomainAdminAccount -p DomainAdminPassword \\ServerName\ShareName\BatchName.

NOTE: To do this on all the workstations in your Windows 2000 domain, use the following batch file:

@echo off
setlocal
For /f "Skip=1 Tokens=1" %%i in ('netdom query /domain WORKSTATION') do call :computer "%%i" 
endlocal
goto :EOF
:computer
set machine=%1
set machine=%machine:"=%
if "%machine%" EQU "The" goto :EOF
if "%machine%" EQU "Directory" goto :EOF
PsExec \\%machine% -u DomainAdminAccount -p DomainAdminPassword \\ServerName\ShareName\BatchName


Hide comments

More information about text formats

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish
Related
Network servers in data center
eBay Shares Server Designs as It Rebuilds IT Infrastructure
Sep 15, 2018
intel sign
Intel CEO List Is Said to Eye Outsiders in Break With Tradition
Sep 04, 2018
Two Surface Tablets and Two Users
Microsoft MDM Hybrid Option Deprecated for Intune on Azure
Aug 17, 2018
This is an HP sign
HP Enterprise Tumbles on Earnings Outlook That Fails to Inspire
May 23, 2018