Users Group Member Can Add New Users in Windows XP

Support for Windows XP has ended

Microsoft ended support for Windows XP on April 8, 2014. This change has affected your software updates and security options. Learn what this means for you and how to stay protected.

This article was previously published under Q310753
This article has been archived. It is offered "as is" and will no longer be updated.
When a member of the Users group tries to use the Users and Passwords tool in Control Panel in Windows XP, the user is prompted for the Administrator password:
You must be a member of the Administrators group on the computer to open the Users and Passwords control panel. You are logged in as Machine_name\User_name, which is not a member of the Administrators group.

Specify the user name and password of an Administrator on this computer to continue:
User name:

You can change your password without opening the Users and Passwords control panel by pressing CRTL-ALT-DEL and selecting Change Password.
However, the Administrator account and password are ignored if the user runs the Administrative Tools tool in Control Panel. The user can gain access to the Computer Management tool and the Local Users and Groups subtree it contains. When the user gains access, a member of the Users group can add a new user to the computer. The user can also change the password for the created account. Members of the Users group cannot promote the new user to the Administrators group, nor can they change another account's password.
This behavior is the default configuration in Windows XP. To disable this functionality, revoke the "NT Authority\Authenticated Users" security principal from the Power Users group:
  1. Log on to the Windows-based computer using an account with administrator rights.
  2. Click Start, and then click Control Panel.
  3. Double-click Administrative Tools, and then double-click Computer Management.
  4. Double-click Local Users and Groups, and then click the Groups folder.
  5. In the right pane, double-click Power Users.
  6. Click NT AUTHORTY\INTERACTIVE, and then click Remove.
  7. Click OK.

Article ID: 310753 - Last Review: 12/07/2015 08:03:15 - Revision: 1.5

Microsoft Windows XP Home Edition, Microsoft Windows XP Professional, Microsoft Windows XP Professional x64 Edition

  • kbnosurvey kbarchive kbenv KB310753