I would like to create user accounts with admin access, but I don't want the users to mess up the real administrator...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
account. Is there a way to hide the administrator account, so it's not visible to other users, even though they have admin rights? Also, I would like to know if there is a built-in tool in Windows 2000 that can track the user history (i.e., what exactly they are doing on the server). While there is no way to hide the administrator account, there are a number of workarounds that might fit your needs. Depending on why your users specifically require administrative access, you can create customized and restricted Microsoft Management Consoles so that they can only perform those tasks that are necessary to their job function. Alternately/additionally you can separate users into different organizational units (OUs) and limit their administrative access to only those objects within their "home" OU, obviously leaving the administrator account in a different OU.
In terms of tracking user history in Windows 2000, you can audit logon and logoff, file/object access, use of user rights and several other items through group policy or local machine auditing -- the results of which would be logged to the machine's security log. If you have many machines' logs to monitor, Microsoft offers a free utility called EventComb that will query multiple security log files for specific EventID's or user names; there are also third-party utilities that will assist in centralizing this process. Hope this helps.
Related Q&A from Laura Hunter
Active Directory expert Laura E. Hunter explains to a reader what must be done to change the default display specifiers for new users in Active ...continue reading
Active Directory expert Laura E. Hunter tells a reader what to keep in mind when deleting subnets associated with sites being removed in an ...continue reading
Active Directory expert Laura E. Hunter offers some advice for changing the IP addresses of domain controllers.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.