Windows (local/domain) password cannot change with shadowuser...solution?

Discussion in 'sandboxing & virtualization' started by ashpr, Oct 16, 2006.

Thread Status:
Not open for further replies.
  1. ashpr

    ashpr Registered Member

    Joined:
    Sep 9, 2006
    Posts:
    7
    Hi guys,

    We are using ShadowUser to secure some of our company's laptops, so users can't install cr*p and then complain to IT that his/her laptop is messed up.

    I have excluded the "C:\Docs and Settings" folder so their files won't disappear at bootup.

    BUT, whenever they, as we periodically require them to, change their Windows login password (whether it's local logon or domain password), it always returns to the old password after reboot... can anyone point me to which directory I should exclude or auto-commit so this will work?

    Thanks All.

    ps. Is it better to exclude c:\docs and settings or auto-commit? Which one is the better practice?
     
  2. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,224
    Hello,
    I'm not quite sure what registry key you need to preserve in order to save the changes, but here are a few guidelines that might help:

    Try Group Restriction Policies (gpedit.msc).

    In there, you will find lots and lots of options for hardening Windows, including only local users. You can also prevent installations from within the Policies, so this might be worth looking into.

    Not exactly the answer you needed, but might work - especially since some of the options concern the password.

    Mrk
     
  3. ashpr

    ashpr Registered Member

    Joined:
    Sep 9, 2006
    Posts:
    7
    Hello, thanks for the reply.

    I guess... if I can know which filenames contain the registry (or wherever WinXP stores passwords), I can auto-commit them, so when the computer reboots, ShadowUser commits the changes in those files.
     
  4. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,224
    Hello,
    If ShadowUser supports that, yes.
    Check with the Microsoft Knowledge Base, you might find it there. They usually have solid info for administrators and IT guys.
    Mrk
     