Ask the Expert

How can I hide the administrator account and track user history?

I would like to create user accounts with admin access, but I don't want the users to mess up the real administrator account. Is there a way to hide the administrator account, so it's not visible to other users, even though they have admin rights? Also, I would like to know if there is a built-in tool in Windows 2000 that can track the user history (i.e., what exactly they are doing on the server).

    Requires Free Membership to View

While there is no way to hide the administrator account, there are a number of workarounds that might fit your needs. Depending on why your users specifically require administrative access, you can create customized and restricted Microsoft Management Consoles so that they can only perform those tasks that are necessary to their job function. Alternately/additionally you can separate users into different organizational units (OUs) and limit their administrative access to only those objects within their "home" OU, obviously leaving the administrator account in a different OU.

In terms of tracking user history in Windows 2000, you can audit logon and logoff, file/object access, use of user rights and several other items through group policy or local machine auditing -- the results of which would be logged to the machine's security log. If you have many machines' logs to monitor, Microsoft offers a free utility called EventComb that will query multiple security log files for specific EventID's or user names; there are also third-party utilities that will assist in centralizing this process. Hope this helps.

This was first published in November 2002

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: