prevent use of 'net user' command to change passwords on windows vista / xp

Question

the point is, if i'm logged in (and as almost every windows user, i've got an admin-account), and someone comes across my not locked pc, it is possible to change my password the pro-way through using:

net user Admin %NEW_PASSWD%

what can i do to prevent that, besides not being logged in as admin.

i once saw a way, where the 'net user' command was substituted by a .bat file. so if you call 'net user Admin ...', it runs this .bat-file instead, which locks the notebook immediately.

problem is, i honestly don't know how i could let windows substitute eg net.exe with a .bat-file. (too little windows knowledge)

do you know any way how to do it? i'd appreciate it.

Answer 1

Possible solutions:

1. Lock your PC when you leave it. Most companies make this a policy. ChrisF beat me to post this.
2. Rename NET.EXE in your Windows System32 folder or place NET.BAT earlier in your PATH with something that locks the machine (psshutdown -l).
3. And the obvious that's been suggested already - don't run as admin.

Answer 2

Possible solutions - but all have drawbacks:

1. Make sure you lock you PC every time you step away even for a minute. This requires you to change your behaviour.
2. Set your screen saver wait time to 1 minute and password protect. This won't stop someone who comes across your PC within the first minute and will get annoying as it will kick in even if you are sitting at the PC - you aren't constantly using your PC.

The only real solution is to run as a non admin.