Re: Built In Admin account vs Created one

From: Steven L Umbach (n9rou_at_comcast.net)
Date: 08/31/03


Date: Sun, 31 Aug 2003 00:53:40 GMT


I need to add that by default the administrator account is the EFS Recovery Agent on
a standalone machine if EFS encryption is used. I do not believe that can be
changed. It is possible to make another user/administrator the Recovery Agent instead
later. Do not implement EFS until you know all tips, tricks, and traps ahead of time
though. --- Steve

http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B255742

"Steven L Umbach" <n9rou@comcast.net> wrote in message
news:oyb4b.234939$Oz4.63984@rwcrnsc54...
> They have the same exact power/rights. The built in administrator account is a
> member of the local administrators group and that is where it gets its power. Adding
> another user to that group gives them the same power. Here are the differences. The
> administrator account has an assigned well known sid [known to hackers], can
> not be removed from the local administrators group, and it can not be deleted,
> disabled [in W2K] or locked out from console logon. The built in administrator
> group is a target for attackers and for that reason it should be renamed, given a very
> complex password, and audited for account log on events. By default the
> administrator account can not be locked out from network logon, but the passprop
> utility from the Resource Kit is supposed to be able to allow that. Protecting the
> administrator account is just one aspect of securing a computer. ----Steve
>
> http://www.microsoft.com/security/protect/
> http://securityadmin.info/faq.asp#harden --- From the FAQ.
>
> http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/default.asp
> -- Technet security.
>
> "wutsitallabout" <wutsitallabout@comcast.net> wrote in message
> news:021f01c36f56$72ed49d0$a601280a@phx.gbl...
> >
> > Can anyone out there please tell me if there is any
> > difference between the Built in Administrator account
> > versus one that is created and made a member of the admin
> > group and only the admin group. It is a local account on
> > a local machine (not logging on to a domain).
> >
> > To put it yet another way, are all of the rights,
> > privileges and behaviours the same for each?
> >
> > Someone must know! If you claim that they do behave
> > differently, can you please direct me to the source of the
> > information. I need an official word on this. Not just
> > opinions.
> > Thanks
> >
> >
>
>
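
Added example, not part of either post: a sketch of the "rename it and audit logon events" advice, identifying the built-in account by its fixed RID 500 rather than by name and then sorting failed logons into those aimed at its current name and those still guessing the default name. The account names, SIDs, addresses and the simplified event records are constructed sample data, and the function names are hypothetical.

```python
import re
from collections import Counter

# Built-in Administrator: machine SID (S-1-5-21-a-b-c) followed by the fixed RID 500.
BUILTIN_ADMIN_SID = re.compile(r"^S-1-5-21-\d+-\d+-\d+-500$")

# Constructed sample: members of the local Administrators group (name, SID).
ADMIN_GROUP = [
    ("wsmaint", "S-1-5-21-1111111111-2222222222-3333333333-500"),
    ("jsmith", "S-1-5-21-1111111111-2222222222-3333333333-1003"),
]

# Constructed sample: simplified logon-audit records (result, target account, source).
LOGON_EVENTS = [
    ("failure", "Administrator", "10.0.0.7"),
    ("failure", "administrator", "10.0.0.7"),
    ("failure", "WSMAINT", "10.0.0.9"),
    ("success", "jsmith", "10.0.0.4"),
    ("success", "wsmaint", "console"),
]


def find_builtin_admin(members):
    """Return the (name, sid) of the RID-500 account, whatever it is called now."""
    for name, sid in members:
        if BUILTIN_ADMIN_SID.match(sid):
            return name, sid
    return None


def audit(members, events):
    """Summarise failed logons that concern the built-in Administrator account."""
    found = find_builtin_admin(members)
    if found is None:
        raise ValueError("no RID-500 account in the supplied group membership")
    name, sid = found
    renamed = name.lower() != "administrator"
    against_account = Counter()       # failures aimed at the account's current name
    default_name_guesses = Counter()  # failures aimed at the old default name
    for result, target, source in events:
        if result != "failure":
            continue
        if target.lower() == name.lower():  # Windows account names are case-insensitive
            against_account[source] += 1
        elif renamed and target.lower() == "administrator":
            default_name_guesses[source] += 1
    return {"name": name, "sid": sid, "renamed": renamed,
            "against_account": dict(against_account),
            "default_name_guesses": dict(default_name_guesses)}
```

Once the account is renamed, failures against the name "Administrator" can only come from someone who does not know the new name, while failures against the new name deserve closer attention.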


