Re: Default Administrator lockout
From: Roger Abell (mvpNoSpam_at_asu.edu)
Date: 02/28/04
- Next message: S. Pidgorny
: "Re: Domain Controllers and third Party certificates" - Previous message: Fast Eddie: "Re: Schannel error on W2K server -- HELP --"
- In reply to: Spyke: "Re: Default Administrator lockout"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 27 Feb 2004 16:10:14 -0700
Well, it locked when I ran a quick test before posting :-)
"Spyke" <spyke@mailinator.com> wrote in message
news:%23i3L1LW$DHA.2664@TK2MSFTNGP09.phx.gbl...
> Good Day,
>
> I believe the built-in Administrator account of Win/XP/2K3 can't be locked
> out because of incorrect passwords but it can be disabled.
>
> Cheers,
> Spyke
>
> "Roger Abell [MVP]" <mvpNoSpam@asu.edu> wrote in message
> news:%23Q%23fiNS$DHA.2804@tk2msftngp13.phx.gbl...
> > "rav" <ravburano@hotmail.com> wrote in message
> > news:%23XdFJ4F$DHA.1796@TK2MSFTNGP12.phx.gbl...
> > > Hi,
> > >
> > > Thanks for your replies but my point is that i have neither disabled
the
> > > admininstrator account in GPO or used passprop.
> > >
> > > Thanks
> >
> > Well, about all I can tell you is that it is so, the built-in is
> > subject to lock-out. Thinking this is a defined changed
> > I set out to pull up where this is mentioned as a changed
> > behavior for W2k3, but to my surprise what instead I am
> > finding (so far) are what look like cut/pastes from W2k era
> > docs into the W2k3 docs. For example
> >
>
http://microsoft.com/technet/prodtechnol/windowsserver2003/maintain/operate/BPACTLCK.asp
> > under its DoS prevention section has the statement :
> > "Rename the administrator account: Because the administrator account
> cannot
> > be locked out, it is recommended that you rename the account. Although
> this
> > does not mitigate all of the attacks against the administrator account,
it
> > does help mitigate these attacks most of the time."
> >
> > > "Roger Abell" <mvpNOSpam@asu.edu> wrote in message
> > > news:ewK5URD$DHA.916@TK2MSFTNGP10.phx.gbl...
> > > >
> > > > "Laura A. Robinson [MVP]" <geekwench@snippit.hotmail.com> wrote in
> > message
> > > > news:MPG.1aa68f89e9fae6559897a1@nn.bloomberg.com...
> > > > > In article <#U2XXVy#DHA.684@tk2msftngp13.phx.gbl>,
> > ravburano@hotmail.com
> > > > > says...
> > > > > > Hi,
> > > > > >
> > > > > > I have got the default administrator account (it is not a
renamed
> > > > account or
> > > > > > anything like it, the SID is correct) on a Windows 2003 DC to
lock
> > > out.
> > > > > > Aanyone else have this at all? Thought it was impossible to do
as
> it
> > > is
> > > > a
> > > > > > backdoor.
> > > > > >
> > > > > Not only is it possible (Google for passprop.exe), with Win2K3,
you
> > can
> > > > > use group policy to disable the account altogether.
> > > > >
> > > > > Laura
> > > >
> > > > altogether except for safe mode boots
> > > >
> > > > Roger
> > > >
> > > >
> > >
> > >
> >
> >
>
>
- Next message: S. Pidgorny
: "Re: Domain Controllers and third Party certificates" - Previous message: Fast Eddie: "Re: Schannel error on W2K server -- HELP --"
- In reply to: Spyke: "Re: Default Administrator lockout"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
