Re: Disable or rename administrator account

Disabling an administrator account disables it for network or normal
interactive logon. You still can logon in Safe Mode. AD Recovery is a type
of Safe Mode and does not use the administrator account for the domain
anyhow as it uses the built in administrator account for that domain
controller which is what you are prompted for in AD recovery. I believe it
should also work in Recovery Console and that would be easy enough to test.
In my opinion as long as other security best practices are followed renaming
the built in administrator account, particularly if it is disabled, is of
little value and can pose a problem if it is forgot. The free password reset
disk at the link below can also enable disable accounts and identify the
administrator account. You also want to make sure that you are not using the
same password on the general population domain computer for the built in
administrators account as you do on servers and sensitive workstations.

Steve

http://home.eunet.no/~pnordahl/ntpasswd/


"UBEST" <ubest@xxxxxxxxx> wrote in message
news:dd2hf2hovhsnkpa4r4kkc1vm9si7heuv34@xxxxxxxxxx
For security reason, we have to disable or rename Domain administrator
account and domain member server's local administrator account.
We have some concerns about tha changes:

Can anyone please answer the following concerns?

If we rename or disable administrator account for AD or Windows 2003
local administrator account, what are impacts on disaster recovery of
AD and standalone Windows 2003 servers, member servers.

For a standalone or member server, if we disable or rename local
administrator account, when disaster happens, when we have to run
disaster recovery, for example, recovery console mode, system will
prompt you with administratror password, if we disable or rename
bulit-in administrator account, can we still be able to get in
recovery console mode? and How?

If we do system repair partion of Windows 2003 setup, if we are
prompted with Administrator password, how can we get along this this
step.

For reanme or disabling AD administrator account, if disaster happens
to AD, how will it affect disaster recovery procedure?

Thanks


.

Relevant Pages

  • Re: machine will only boot in safe mode
    ... > safe mode with networking ... This will get you to the recovery console. ... in Administrator account. ... Sorry Steve, ...
    (microsoft.public.windowsxp.general)
  • Re: Impact of Disabling the Local Administrator Account
    ... Good point about booting from a CD or in safe mode. ... We use our domain administrator accounts to add and remove machines from ... Administrator account, randomize the password on each machine, and disable ... Would disabling the local Administrator ...
    (microsoft.public.windows.group_policy)
  • RE: administrator logs in automatically
    ... Don't disable the Administrator account to try to resolve this. ... Windows XP Security Homepage: ... every time i start my pc, the computer logs in to the administrator account. ... i tried everything to avoid logging in as an administrator, disabling it ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Administrator Account Disabled. HELP
    ... disabling it... ... > original Administrator account is pretty well protected ... though it may not show up on login screens. ... and the administrator wouldnt show up as one of the ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Disable or rename administrator account
    ... Again for AD Restore an Recovery Console on a domain ... controller the built in administrator account for the domain is not used ... For a standalone or member server, if we disable or rename local ... For reanme or disabling AD administrator account, ...
    (microsoft.public.windows.server.security)