I would like to create user accounts with admin access, but I don't want the users to mess up the real administrator...
account. Is there a way to hide the administrator account, so it's not visible to other users, even though they have admin rights? Also, I would like to know if there is a built-in tool in Windows 2000 that can track the user history (i.e., what exactly they are doing on the server). While there is no way to hide the administrator account, there are a number of workarounds that might fit your needs. Depending on why your users specifically require administrative access, you can create customized and restricted Microsoft Management Consoles so that they can only perform those tasks that are necessary to their job function. Alternately/additionally you can separate users into different organizational units (OUs) and limit their administrative access to only those objects within their "home" OU, obviously leaving the administrator account in a different OU.
In terms of tracking user history in Windows 2000, you can audit logon and logoff, file/object access, use of user rights and several other items through group policy or local machine auditing -- the results of which would be logged to the machine's security log. If you have many machines' logs to monitor, Microsoft offers a free utility called EventComb that will query multiple security log files for specific EventID's or user names; there are also third-party utilities that will assist in centralizing this process. Hope this helps.
Related Q&A from Laura E. Hunter
Active Directory expert Laura E. Hunter offers some advice for changing the IP addresses of domain controllers.continue reading
A Windows administrator moving from Windows Server 2003 to Windows Server 2003 R2 wants to perform a restore of a previous server to a new one ...continue reading
An admin has two domains and two Active Directories. He wants to know how to join the Active Directories so that internal staff can access both, but ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.