How can I prevent one Admin from deleting another Admin??


  1. Posts : 2
    Windows 7 Professional x64
       #1

    How can I prevent one Admin from deleting another Admin??


    I am setting up a very basic computer for a company, and I have already activated "The Administrator" and created a secondary Administrator. I will need accesss to The Administrator often. So what I am asking; Is there a way to prevent one administrator from deleting the other intentionally or unintentionally? I've set the password on the one I don't want deleted, but I know that is not enough, because the other Admin can still remove it.
      My Computer


  2. Posts : 2,298
    Windows 7 Professional x64 SP1 ; Windows Server 2012 R2 Standard
       #2

    Not sure how this is network or sharing related but it should be noted that the built-in Administrator can never be deleted only deactivated. It is strongly advised to only activate it when necessary.

    You should only allow users Admin access if you wish them to have full control of that machine. The only possible way I can think of is to restrict access via group policy to that one Administrator so that it cannot change what you don't want it to.

    Group Policy - Apply to a Specific User or Group

    Please understand that even this isn't perfect and they may be able to bypass it via a command prompt therefore it may be worth restricting access to the command prompt. That being said if you want that much restriction then the account in question should really be a standard user.

    Josh
      My Computer


  3. Posts : 2,497
    Windows 7 Pro 64 bit
       #3

    How can I prevent one Admin from deleting another Admin??
    You can't.

    Any attempt to restrict what an admin can do is an exercise in futility. Some very limited restrictions are possible but they are nothing more than speedbumps for anyone beyond the novice level. Giving such individuals admin access on a business computer would be asking for trouble.

    By design all admin accounts have essentially unrestricted control over the computer. Whatever access they do not have they can grant themselves. Any change made by one admin can be changed by another. All admin accounts are equal. The built in Administrator account is a little different but not relevant to your issue. Any admin can delete, change the password, and make any other changes to any account without knowing the password to that account. All of this is by design.

    All users with admin accounts must be trusted to use their powers for good. You have to work out your issues by means of policies known to all admins. They cannot be enforced by any settings on the computer.
      My Computer


  4. Posts : 2
    Windows 7 Professional x64
    Thread Starter
       #4

    Thanks, I had a feeling that was going to be the answer. I'll see what I can do, it's not so much that I want to restrict the other Admin as much as it is i just don't want them to lock me out of the computer.
      My Computer


  5. Posts : 2,298
    Windows 7 Professional x64 SP1 ; Windows Server 2012 R2 Standard
       #5

    I think LMiller7 is correct with a company policy being enforced with appropriate sanctions for this
      My Computer


 

  Related Discussions
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 05:53.
Find Us