Preventing Users from Creating Local User Accounts

by Chris Sanders [Published on 14 Dec. 2006 / Last Updated on 14 Dec. 2006]

By default, any user on computer can create a local user account. Let’s fix that.

In Windows 2000 or XP any user who logs on to a computer has rights to create a basic local user account on that machine. Although these created users will only be in the users group and not power users or administrators of the machine, this is still something that should not be happening on a regular basis as it can create security loopholes in your workstations.

To remedy this situation you can right click on my computer, select manage, and browse to the groups section under the local users and groups heading. Double clicking the users group should display all of its members. You will notice in this group that NT AUTORITY/INTERACTIVE is a member. Selecting this account and clicking remove will remove it from the group and prevent users from creating other local user accounts.

***

Chris Sanders is the network administrator for one of the largest public school systems in the state of Kentucky. Chris's specialties include general network administration, windows server 2003, wireless networking, and security. You can view Chris' personal website at www.chrissanders.org.

The Author — Chris Sanders

Chris Sanders is a network security analyst for EWA Government Systems Inc. Chris is the author of the book Practical Packet Analysis as well as several technical articles. His personal website at www.chrissanders.org contains a great deal of information, articles, and guides related to network administration, network security, packet analysis, and general information technology.

Latest Contributions

Querying Event Logs Using Wevtutil 18 Aug. 2011
Using Process Explorer to Examine Dialog Boxes 5 July 2011
Process Monitor versus Process Explorer 4 July 2011
Hiding Account Properties When a Device is Locked 30 June 2011
Forcing Server 2008 Domain Controller Demotion 30 June 2011

Register Now for Office365 CON - 2017 Online Conference!

Early registration is now open for Office365 CON 2017, the annual online gathering of IT Strategists, Microsoft MVPs and Messaging Technology Vendors. This convenient, annual online event is presented by TechGenix and MSExchange.org for the benefit of busy IT Professionals within the global Office 365 and MS Exchange communities.

Early registrants for this year's conference will also receive a Symantec White Paper: Top 5 SSL/TLS Attack Vectors: How they have impacted IT and how you can avoid them , as well as an invitation to join a special Conference Preview broadcast.

Time and Date: Thursday, March 23, 2017, starting at 10am EDT | 9am CDT | 7am PDT

Newsletter Subscription

WindowsNetworking.com Sections

Featured Freeware

Download Free TFTP Server. The most trusted on the planet by IT Pros

Home
Articles & Tutorials
Building a PowerShell GUI (Part 13)

This article concludes the PowerShell GUI series by demonstrating a technique for changing a virtual machine’s memory allocation by using a GUI interface... Read More

Importance of Service Records (SRV) in an Active Directory Environment

SRV Records, sometimes referred to as Service Records, are required by services such as LDAP, KDC, Global Catalog, KMS and any other applications that registers SRV records to provide services to the clients... Read More

Articles & Tutorials Categories
KBase Tips
How do I list Active Directory Manual Replication Connection Objects?

Tip explains how to get manually created replication connection objects in an Active Directory Forest... Read More

Check Object Replication Status across Active Directory Forest

Tip explains how you can check object replication status Active Directory forest... Read More

Windows Server 2012/2008/2003/2000/XP/NT Administrator Knowledge Base Categories

Reviews
Free Tools
Blogs
Forums
White Papers
Contact Us

Community Area

Preventing Users from Creating Local User Accounts

See Also

The Author — Chris Sanders

Latest Contributions

Featured Links