Re: Changing the Administrator account username for security?

From: Joe Richards [MVP] (humorexpress_at_hotmail.com)
Date: 06/15/05 

Date: Wed, 15 Jun 2005 17:18:22 -0400

Depends on the access level and mechanism of the people trying to compromise you.

If they already have a normal userid in your domain or in a trusted domain,
there is no way to hide the identify of the administrator account as it has a
well known SID. However if access is through a web page or ftp, changing the
name of the account adds a layer of security. Adding a new disabled
no-permission account by the same name gives you a mechanism to track people
trying to attack the account by name. 

--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net
ab1225 wrote:
> I have read that one should either change the default "Administrator" 
> username to something less obvious or deactivate this account and create a 
> separate Administrator account.  I cannot seem to find any information to 
> back this up now.  What is Microsoft's recommendation?  What is any security 
> expert's recommendation?
> 
> Second question.
> 
> I administer a previously installed network on which the "Administror" 
> account username was left at "Administrator".  I was considering changing the 
> account name to a less obvious name, but was told not to by another network 
> administor (someone I do not have 100% confidence in).  Any recommendations 
> here?
> 
> Network configuration is a single Active Directory Microsoft 2000 Server 
> with Exchange 2000 Server, DHCP and DNS installed.

Relevant Pages

  • Re: USER PROFILE CORRUPT?? HELP!!!!!
    ... >Windows cannot log you on because your profile cannot be ... >that your network is functioning correctly. ... >problem persists, contact your network administrator. ... This is where the hidden account called ...
    (microsoft.public.windowsxp.general)
  • Re: Home network admin - can he browse my files?
    ... Network that I'll be connecting to in order to access the internet. ... the network administrator log on through the network to my laptop as ... account on the system have a complex password (Each of 4 character sets ... Can the network administrator log on ...
    (alt.computer.security)
  • Re: Cant logon to Windows
    ... The network, a desktop, laptop and 2 printers, seems to be working ... Administrator and User Group and disabling all of the accounts. ... "This account has been disabled. ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Home network admin - can he browse my files?
    ... Network that I'll be connecting to in order to access the internet. ... the network administrator log on through the network to my laptop as ... Does every account on the system have a complex password? ... If the family member is extremely knowledgeable and willful enough, you will be hard pressed to prevent access to both the transmitted information as well as access to local system resources. ...
    (alt.computer.security)
  • Re: Network Type Change Locks Login
    ... Create an account for yourself. ... Log in as administrator. ... Use xcopy.exe to copy the dormat profile folder ... > of these domain name institutional network references. ...
    (microsoft.public.win2000.networking)
Quantcast