best practices: builtin administrator account in AD
From: mocity (mocity_at_discussions.microsoft.com)
Date: 05/25/05
- Previous message: Roger Abell: "Re: How to monitoring who has deleted a NTFS folder"
- Next in thread: ]: "Re: best practices: builtin administrator account in AD"
- Reply: ]: "Re: best practices: builtin administrator account in AD"
- Reply: Roger Abell: "Re: best practices: builtin administrator account in AD"
- Reply: Steven L Umbach: "Re: best practices: builtin administrator account in AD"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 24 May 2005 19:45:10 -0700
Hi,
I understand that renaming the builtin AD administrator account is a good
idea, but is disabling this account and additional good security measure? I
would have no problem disabling this account, except for the fact if all
other Domain Administrative accounts got locked out I would have no way of
logging to the domain with admin privileges except through rebooting a DC
into Safe Mode which enables the builtin administrator account---but this
would be a hassle. (i'm sort of paranoid of a scenario where a malicious user
locked out all my admin accounts, and me having to do this).
is having this account enabled a security risk, because it cannot be locked
and thus gives a person infinite attempts at cracking the password?
thanks.
- Previous message: Roger Abell: "Re: How to monitoring who has deleted a NTFS folder"
- Next in thread: ]: "Re: best practices: builtin administrator account in AD"
- Reply: ]: "Re: best practices: builtin administrator account in AD"
- Reply: Roger Abell: "Re: best practices: builtin administrator account in AD"
- Reply: Steven L Umbach: "Re: best practices: builtin administrator account in AD"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
