Re: Neutering Administrator
From: Toby Herring (therring*_at_*teletrack.com)
Date: 08/02/04
Date: Mon, 2 Aug 2004 15:23:48 -0400
The preferred method is to:
a) Rename the built-in administrator account to something less easy to
guess/identify
b) Create a new normal user account named Administrator. Disable this
account or give it a very long, gobbledygook password that you'll never
remember, or both.
c) Alter full name and description of the new fake Administrator account so
that when listed, it looks like the real administrator account.
d) Alter the real (renamed) Administrator account's full name and
description so that it's not obviously the Administrator account.
e) Set up login failure auditing for the fake Administrator account. This
way you can scan your event logs for failed logins and have a good chance at
observing hack attempts. (Some standard hack attempts on Win machines
attempt to hack into the Administrator and/or Guest accounts, since they're
always there, can't be deleted, and most people don't bother to rename
them.)
This way you'll still have your original Administrator account, with all its
rights and ownership, but it will no longer be named Administrator. And you
have set up bait to help you get some warning if some jackhole decides to
target your server.
--
Toby Herring
MCDBA, MCSD, MCP+SB

"news.microsoft.com" <nobody@nowhere.abc> wrote in message
news:Odd7UPudEHA.1604@TK2MSFTNGP11.phx.gbl...
> I want to continue using Local\Administrator for day to day activities, and
> I know that this is evil.
>
> Can I get away with the following?
>
> 1. Create a new account that is hard to guess, something like Admin293.
> 2. Give Admin293 a strong password and Administrator rights.
> 3. Save this login and password in a secure location.
> 4. Take away the Administrator rights from the Local\Administrator account.
> 5. Continue working as Local\Administrator.
>
> Can anyone think of a reason why this might not work?
>
> I realize that any services or scheduled jobs which ran as
> Local\Administrator will have to run instead as Admin293.
>
> Thanks,
>
> -G
>
> gerardvignes.com
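
Steps (a) through (e) of the reply above, as an added example that is not part of the original post or thread. It assumes a current English-language Windows system with the PowerShell 5.1 LocalAccounts cmdlets, where failed logons are recorded as Security event 4625; the new account name and the descriptions are constructed placeholders.

```powershell
#Requires -RunAsAdministrator
# Added example. 'svc-maint01' and the 'Maintenance' texts are constructed placeholders.
$newName = 'svc-maint01'

# (a) Find the built-in administrator by its well-known RID 500 (the name may
#     already differ), then rename it. The SID does not change on rename.
$real = Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-500' }
Rename-LocalUser -SID $real.SID -NewName $newName

# (d) Give the real account a full name and description that do not stand out.
Set-LocalUser -SID $real.SID -FullName 'Maintenance' -Description 'Scheduled maintenance'

# (b) Decoy: an ordinary user named Administrator with a random 64-character
#     password that is never stored, created disabled. New-LocalUser adds no
#     group memberships, so the decoy holds no administrative rights.
$bytes = New-Object byte[] 48
[System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
$pw = ConvertTo-SecureString ([Convert]::ToBase64String($bytes)) -AsPlainText -Force

# (c) Reuse the stock description so the decoy passes for the real account in listings.
New-LocalUser -Name 'Administrator' -Password $pw -Disabled -PasswordNeverExpires `
    -Description 'Built-in account for administering the computer/domain' | Out-Null

# (e) Record failed logons. The subcategory name "Logon" is the English one.
auditpol /set /subcategory:"Logon" /failure:enable | Out-Null

# Review: every failed logon that named the decoy. Nothing legitimate uses this
# account, so any hit is worth a look.
$xpath = "*[System[EventID=4625] and " +
         "EventData[Data[@Name='TargetUserName']='Administrator']]"
Get-WinEvent -LogName Security -FilterXPath $xpath -ErrorAction SilentlyContinue |
    ForEach-Object {
        $evt = $_
        $data = @{}
        ([xml]$evt.ToXml()).Event.EventData.Data |
            ForEach-Object { $data[$_.Name] = $_.'#text' }
        [pscustomobject]@{
            Time      = $evt.TimeCreated
            SourceIp  = $data['IpAddress']
            LogonType = $data['LogonType']
            SubStatus = $data['SubStatus']
        }
    }
```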