Re: UNLOCKING ADMINISTRATOR PASSWORD

From: Karl Levinson [x y] mvp (levinson_k_at_despammed.com)
Date: 11/05/03 

Date: Wed, 5 Nov 2003 07:04:27 -0500

It's still not a bad idea. Every little bit helps. But you won't
necessarily die if you don't do it. Lots of people do this without
problems. It should not cause problems with running Runas. IIRC you get a
chance to enter which login ID you want to Run As.

Because the SID stays the same, some people use special tools as mentioned
before to disable the default Admin account and create new ones, and also
use RestrictAnonymous where possible to try to reduce account enumeration
[difficult to do very effectively on domain controllers]. If you do this,
then the real admin account can't be guessed by SID [although someone doing
this could easily just try every possible SID to find your login IDs].

Really, no one should be using the "Administrator" account, assuming it is a
shared account. Ideally, each person, admin or otherwise, gets one or more
login IDs that uniquely identify them and only them [and what has been done
to a system by them].

"Vanguard" <no-email@post-reply-in-newsgroup.nix> wrote in message
news:PU%pb.81873$ao4.249228@attbi_s51...

> Other than using a complex password, is it still advisable to rename the
> "Administrator" account to something else (since it should still retain
> the same SID) to also thwart hacking? Does renaming the Administrator
> account result in other problems, like when using RunAs?

Relevant Pages

  • Re: EFS Decryption Problem
    ... Was it only used to match up to the backed up userprofile, ... I thought the account's SID and password was involved in generating the ... a new account is created). ... instance of Windows would have a different SID even after restoring the ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Update still failing with 80240020 and 8024000c
    ... There is still indication that the SID ... reporting because I think that ultimately it is going to be their accounts ... with the System account yesterday. ... In your case the System account would be ...
    (microsoft.public.windowsupdate)
  • RE: Error 15401 using sp_grantlogin (not addressed by current KB articles)
    ... argument to get_sid, it returns a sid. ... The sysxlogins.name column stores the NT account ... One way to get SQL Server to agree with the renamed NT ... check "Script all objects", on the Formatting tab UNcheck "Generate the ...
    (microsoft.public.sqlserver.security)
  • Re: is there a simple to get "userid" in a windows domain?
    ... suspect a minor change to the way I access ntSecurityDescriptor would give ... Is it possible to get a User SID from ... >> than the account names when referring to the account. ... >> Eric Fitzgerald ...
    (microsoft.public.security)
  • Re: Cannot obtain account SID using C#/WMI
    ... >>> user mapping is for the default SYSTEM account. ... >>> Is this SID available through WMI? ... This includes loading the user profile, ... you need to make sure that hives are unloaded when done with them! ...
    (microsoft.public.dotnet.languages.csharp)