All of my users have to be administrators for various reasons like installing software, being in the field with limited internet access and not being able to wait for support to remote in and do administrative tasks among other things.
But I have a local administrator account that we use for asset tracking (Our asset reporting program reports differently based on whether or not this was the last login to be used etc because only a select few know this password) my point being
that we use this login a lot when moving computers between users and storage and other users.
How can I protect this account from people being able to just right click and reset password, most of my users aren't a problem but my developers are retardedly annoying with it; they keep trying to disable it or change the password or delete it thinking
it's going to disrupt the big brother software, but all it does is make billing and administration and moving computers a nightmare because we can't accurately tell what computers are being used where.
In active directory it's possible to explicitly allow only certain people ability to change a specific account regardless of domain access level. is this possible on a local level?
thank you for any help.
//moved to http://social.answers.microsoft.com/Forums/en/w7security/thread/cac0f989-f19c-4eb6-ac22-3d98ed61160b
