Re: Built In Admin account vs Created one
From: Vanguard (rztqf6v02-NIX_at_sneakemail-NIX.com)
Date: 08/31/03
- Next message: Vanguard: "Re: I got this e-mail"
- Previous message: Jonathan Maltz [MS-MVP]: "Re: NT AUTHORTY\Authenticated Users & NT AUTHORITY\Interactive"
- In reply to: Steven L Umbach: "Re: Built In Admin account vs Created one"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sun, 31 Aug 2003 02:11:16 -0500
"Steven L Umbach" <n9rou@comcast.net> wrote in message
news:oGb4b.235031$It4.111599@rwcrnsc51.ops.asp.att.net
> I need to add, that by default the administrator account is the EFS
> Recovery Agent on a stand alone machine if EFS encryption is used. I
> do not believe that can be
> changed. It is possible to make another user/administrator the
> Recovery Agent instead later. Do not implement EFS until you know
> all tips, tricks, and traps ahead of time though. --- Steve
>
> http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B255742
>
> "Steven L Umbach" <n9rou@comcast.net> wrote in message
> news:oyb4b.234939$Oz4.63984@rwcrnsc54...
>> They have the same exact power/rights. The built in administrator
>> account is a member of the local administrators group and that is
>> where it gets its power. Adding another user to that group gives
>> them the same power. Here are the differences. The administrator
>> account has an assigned well known sid [known to hackers] account
>> can not be removed from the local administrators group, and it can
>> not be deleted, disabled [in W2K] or locked out from console logon.
>> The built in administrator
> group
>> is a target for attackers and for that reason it should be renamed,
>> given a very complex password, and audited for account log on
>> events. By default the administrator account can not be locked out
>> from network logon, but the passprop utility from the Resource Kit
>> is supposed to be able to allow that. Protecting the administrator
>> account is just one aspect of securing a computer. ----Steve
>>
>> http://www.microsoft.com/security/protect/
>> http://securityadmin.info/faq.asp#harden --- From the FAQ.
>>
>
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/default.asp
>> -- Technet security.
>>
>> "wutsitallabout" <wutsitallabout@comcast.net> wrote in message
>> news:021f01c36f56$72ed49d0$a601280a@phx.gbl...
>>>
>>> Can anyone out there please tell me if there is any
>>> difference between the Built in Administrator account
>>> versus one that is created and made a member of the admin
>>> group and only the admin group. It is a local account on
>>> a local machine (not logging on to a domain).
>>>
>>> To put it yet another way, are all of the rights,
>>> privileges and behaviours the same for each?
>>>
>>> Someone must know! If you claim that they do behave
>>> differently, can you please direct me to the source of the
>>> information. I need an official word on this. Not just
>>> opinions.
>>> Thanks
That's why I export the certificates, even for EFS and the
Administrator. Any userid in the Administrators group can then import
the certificate as long as you know the password used to encrypt the
private key in it when you do the import. I forgot once to export my
security certificates and got burned on a later restore after rebuilding
the machine. That's all it took to make me remember.
-- ____________________________________________________________ ** Share with others. Post replies in the newsgroup. ** If present, remove all "-nix" from my email address. ____________________________________________________________
- Next message: Vanguard: "Re: I got this e-mail"
- Previous message: Jonathan Maltz [MS-MVP]: "Re: NT AUTHORTY\Authenticated Users & NT AUTHORITY\Interactive"
- In reply to: Steven L Umbach: "Re: Built In Admin account vs Created one"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
