Re: UNLOCKING ADMINISTRATOR PASSWORD

From: Vanguard (no-email_at_post-reply-in-newsgroup.nix)
Date: 11/05/03


Date: Wed, 05 Nov 2003 05:29:19 GMT

Steven L Umbach wrote:
> Hi Vanguard. "The" administrator account can not be locked out to
> interactive logon. If passprop is used, then it can be locked out to
> network logon. Other users who are members of the administrators
> group will be locked out as other users based on policy enforced.
> This is one reason [other than the obvious power it holds] that "the"
> administrator account is such a target and needs a very complex
> password. --- Steve
>
> "Vanguard" <no-email@post-reply-in-newsgroup.nix> wrote in message
> news:KWUpb.80453$ao4.229038@attbi_s51...
>> Curtis Clay III [MSFT] wrote:
>>> Hello Chiedza,
>>> Please clarify. You cannot lock out the administrator account. If
>>> your current issue is that you are no longer able to log on to the
>>> server/domain, then you will need to either log on with a different
>>> admin account, or use the ERD to recover the original administrator
>>> password.
>>>
>>> 258289 Windows 2000 Logon Passwords
>>> http://support.microsoft.com/?id=258289
>>
>> Hmm, so you're saying that the policy setting of "Account lockout
>> duration" is not effected against the Administrator account when
>> someone makes more than "Account lockout threshold" failed login
>> attempts? I thought at one time I locked myself out of
>> Administrator, the duration was 30 minutes, so I had to wait that
>> long before I could try to log in again.
>>
>> --
>> ____________________________________________________________
>> *** Post replies to newsgroup. E-mail is not accepted. ***
>> ____________________________________________________________

Other than using a complex password, is it still advisable to rename the
"Administrator" account to something else (since it should still retain
the same SID) to also thwart hacking? Does renaming the Administrator
account result in other problems, like when using RunAs?

--
____________________________________________________________
*** Post replies to newsgroup.  E-mail is not accepted. ***
____________________________________________________________

