April 4th, 2004, 06:38 PM
Xp admin accounts
On a computer I share with my younger brother we both have 2 seperate accounts each with admin priviledges. Now he can delete reset my password if he wants and I could do the same to him if I was that way inclined.
I was just woundering whether theres a registry hack that would enable me to prevent this happening? or anything that would kinda prevent this happening
The box in question runs XP pro.
April 4th, 2004, 06:41 PM
Nope. If you are admin then you are admin... period. Whatever you can do he can undo and visca-versa. While he isn't looking just demote him to power user and don't tell him.... He may never find out....
Don\'t SYN us.... We\'ll SYN you.....
\"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides
April 4th, 2004, 06:49 PM
In reality neither of you should be using accounts with admin privledges. You should both have user, or maybe power user accounts, and log into admin only when you need those rights. It's best to leave the admin account alone when you don't need it.
IT Blog: .:Computer Defense:.
(Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".
April 4th, 2004, 07:43 PM
I agree with you HTRegz, it should be like when I use linux that I leave admin allow and only enter it when i need it. But everything I was doing on XP was saying you dont have priviledges, so it was winding me up..
After his last little fiasco destroying vital files and having to post me the disk to sort out i was dubious to let him have admin, but he complained until I was bored of listening to him that he couldnt install his games that I let him have admin.
The box isnt connected to the internet, although that shouldnt really play to bigger issue in who has admin and who doesnt, I felt that as long as he was sensible that it would really be to bigger issue.
Just woundering anyway, I googled couldnt find anything so asked you lot. Cheers for quick reply
April 4th, 2004, 08:23 PM
If the computer belongs to both of you, then you shouldn't both have admin account's. If the computer is your's however, then YOU should have the admin account. Like HTRegz said, create a lower-level account for both of you and only go on the admin account when it's needed.
April 5th, 2004, 08:06 AM
[gloworange]if u ask then yo are not ready to know.period!!![/gloworange] xp accounts?sobber up dear!try the regisry crackiing.two admin?the world wd be too small.
April 5th, 2004, 11:14 AM
(this is for Win2k, should be very similar if not exactly the same)
1. In your local security policy and remove the administrators group from "take ownership" and add only your account.
2. Remove his access to secpol.msc, secedit.exe, cmd.exe, regedit.exe in a similar manner.
3. Take exclusive ownership of the aforemenioned files.
I know there are more efficient and actually full-proof ways to do this, this is just a bad solution off the top of my very sleep deprived head. It should get the job done though.
The admin account is bound to the security policy, unlike root accounts so via access controls it is possible to lock (one of) the admin account(s) down.
April 15th, 2004, 03:19 AM
but catch, your way would be depriving his brother of privileges.. as has been said before, you should both use lower-level accounts, so that you have less of a chance of messing up the computer.
April 15th, 2004, 08:24 AM
1. He never asked what accounts he should use.
2. Operating with a lower level account would also "be depriving his brother of privileges."
I gave the answer I did because of the above two reasons and because people seem to have the idea that the NT admin account is like the UN*X root account, which it is not.
April 15th, 2004, 11:36 AM
catch: thanks for your solution ill look into it,
Im well aware of the differences, im usually a *nix person anyway
NT admin account is like the UN*X root account