Re: Faking administrators accounts?

From: x y (jamescagney90210@excite.com)
Date: 06/17/02


From: "x y" <jamescagney90210@excite.com>
Date: Mon, 17 Jun 2002 09:08:29 -0400


You could change the SID by disabling the administrator account and creating
other accounts with administrator privileges. It's frequently recommended
that each admin have their own administrator-equivalent account [in addition
to their normal non-privileged account] and avoid using generic shared
accounts such as "administrator" whenever possible, for better security and
accountability. However, someone who can get the login ID from the sid can
also probably enumerate your login IDs and possibly determine what groups
those IDs are in, as well as a lot of other stuff you don't want. In case
it wasn't already mentioned in this thread, there are settings you can
change to mitigate these risks, such as the RestrictAnonymous setting as
well as using firewalls.

"Daniel Masur" <d.masur@.d-s-a-g.nospam.de> wrote in message
news:eMnyTSfFCHA.2424@tkmsftngp04...
> "Ingmar Koecher" <ingmar.newsgroup@netikus.spam.net> schrieb im
Newsbeitrag
> news:adjb2h$tu5$1@msunews.cl.msu.edu...
> > The idea behind this is simple. Generally it's recommended to rename the
> > "Administrator" account to something else - the best would be normal
> > username ;-), so that an intruder not only has to find out the password
> but
> > also the username.
>
> But what about the uid?
> Afaik, the admin account has the uid 501.
> By simply renaming it the uid should remain the same.
>
> So the renamed admin account would still be gainable by trying the uid.
>
> Or am i wrong?
> -Daniel Masur
>
>