Re: What does the Domain Adminstrator have that I don't?

From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 09/28/05

• Next message: James Fabulous: "Child/Parent Domain sanity Check"
• Previous message: ChrisW: "What does the Domain Adminstrator have that I don't?"
• In reply to: ChrisW: "What does the Domain Adminstrator have that I don't?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Wed, 28 Sep 2005 13:03:58 -0500

You can't disable the built in administrator account in Windows 2000 but you
can in XP Pro/Windows 2003 which will leave it available only for logon in
safe mode. What you could do is give it a very complex password that is
written down and stored in a couple of safe places like sealed in an
envelope in a safe and then use accounts added to the domain admins group
for your domain administrator needs. The other advantage of the built in
administrator account is that it can not be removed from the administrators
group for the domain while any other account or group can. Of course a
domain administrator can change the password on the built in administrator
account. If you are not sure that you can trust your domain administrators
that could be concern and enabling auditing of account management in Domain
Controller Security Policy would record an event when a password is changed
or reset on any user account. The command net user username will also show
the password last set date for any account which may also be helpful in
monitoring the administrator account. --- Steve

"ChrisW" <chriswo2k@gmail.com> wrote in message
news:1127929826.675764.180510@g44g2000cwa.googlegroups.com...
> Hello,
>
> Silly question, I know. I understand you cannot delete the Domain
> Administrator, and that it has a static SID. But, say I give myself all
> the same rights as administrator. Is there any reason why I could not
> disable the account and forget about it?
>
> Thanks in advance,
>
> ChrisW
>

---

• Next message: James Fabulous: "Child/Parent Domain sanity Check"
• Previous message: ChrisW: "What does the Domain Adminstrator have that I don't?"
• In reply to: ChrisW: "What does the Domain Adminstrator have that I don't?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Event 1202 Warnings after Renaming Administrator Acct on SBS2003 ... policy to rename the account although it is not really necessary or useful. ... Did I check Group Policies for references to the Administrator ... Failed to perform redirection of folder Desktop. ... (microsoft.public.windows.server.general) Re: Deleting Multiple Users ... OK - left it alone for a while but it got into Safe ... Administrator - Computer Administrator, and ... | recreate the super administrator account when it appeared to be frozen. ... | the safe mode Administrator again, ... (microsoft.public.windowsxp.setup_deployment) Re: Lost Admin PW in XP home ... No joy means that I could not create a new Administrator PW in the safe ... Windows logon screen comes up with the Administrator name already loaded and ... another window also pops up saying "account not accessable" or something ... (microsoft.public.windowsxp.security_admin) Event 1202 Warnings after Renaming Administrator Acct on SBS2003 ... one referencing the original administrator account: ... specific policy setting that was flagged with a big, ... I used an incorrect procedure to rename the ... (microsoft.public.windows.server.general) Re: Event 1202 Warnings after Renaming Administrator Acct on SBS2003 ... Did you check the Group Policies for references to the Administrator ... Administrator account? ... what policy do you have? ... referencing the former administrator account. ... (microsoft.public.windows.server.general)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(15)