Menu
Compute Engines

JSI Tip 4188. How do I prevent ordinary users from creating user accounts on their Windows 2000 Professional computer?


An ordinary user of a Windows 2000 Professional computer can use My Computer / Manage / Local Users and Groups / New User to add a local new user to their computer.

In a company environment, this is NOT desirable.

To prevent this ability:

1. Log on locally as a member of the Administrators group.

2. Open a CMD prompt and type:

        net localgroup users "NT AUTHORITY\INTERACTIVE" /DELETE

NOTE: You can create a batch that contains this command and use PsExec:

PsExec \\RemoteComputer -u DomainAdminAccount -p DomainAdminPassword \\ServerName\ShareName\BatchName.

NOTE: To do this on all the workstations in your Windows 2000 domain, use the following batch file:

@echo off
setlocal
For /f "Skip=1 Tokens=1" %%i in ('netdom query /domain WORKSTATION') do call :computer "%%i" 
endlocal
goto :EOF
:computer
set machine=%1
set machine=%machine:"=%
if "%machine%" EQU "The" goto :EOF
if "%machine%" EQU "Directory" goto :EOF
PsExec \\%machine% -u DomainAdminAccount -p DomainAdminPassword \\ServerName\ShareName\BatchName


Hide comments

More information about text formats

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish
Related
Network servers in data center
eBay Shares Server Designs as It Rebuilds IT Infrastructure
Sep 15, 2018
Broadcom Launches Open NFV Platform and Multiple SoCs
Feb 21, 2014
Simultaneously Promoting More than One Computer to a DC
Feb 13, 2013
Selling Sales Force Automation
Feb 13, 2013