Preventing Users from Creating Local User Accounts

  • Section(s): Miscellaneous
  • Created on Oct 02, 2006.
  • Last Modified on Dec 14, 2006.
  • Last Modified by Chris Sanders.
  • Rated 3.9 out of 5 based on 8 votes.
By default, any user on computer can create a local user account. Let’s fix that.
In Windows 2000 or XP any user who logs on to a computer has rights to create a basic local user account on that machine. Although these created users will only be in the users group and not power users or administrators of the machine, this is still something that should not be happening on a regular basis as it can create security loopholes in your workstations.

To remedy this situation you can right click on my computer, select manage, and browse to the groups section under the local users and groups heading. Double clicking the users group should display all of its members. You will notice in this group that NT AUTORITY/INTERACTIVE is a member. Selecting this account and clicking remove will remove it from the group and prevent users from creating other local user accounts.

***

Chris Sanders is the network administrator for one of the largest public school systems in the state of Kentucky. Chris's specialties include general network administration, windows server 2003, wireless networking, and security. You can view Chris' personal website at www.chrissanders.org.

Article not looking right or info is missing? Let us know so that we can fix it: .


Receive all the latest articles by email!

Receive Real-Time & Monthly WindowsNetworking.com article updates in your mailbox. Enter your email below!
Click for Real-Time sample & Monthly sample

Become a WindowsNetworking.com member!

Discuss your network issues with thousands of other network administrators. Click here to join!

Community Area

Log in | Register

Readers' Choice

Which is your preferred Anti Virus Appliance solution?