Re: Safely change the Administrator accounts and names 2003 server
- From: "Al Dunbar" <AlanDrub@xxxxxxxxxxxxxxxxxxx>
- Date: Fri, 13 Jul 2007 17:46:35 -0600
"LSR" <nospam@xxxxxxxxxx> wrote in message
news:5fp77jF3c6913U1@xxxxxxxxxxxxxxxxxxxxx
Special Access wrote:
On Thu, 12 Jul 2007 21:56:45 -0700, "Steve Riley [MSFT]"
<steve.riley@xxxxxxxxxxxxx> wrote:
So long as you have a good (that is, long) password on the domain
admin account, there's really no need to change the name. Account
names aren't designed to be secrets, so don't try to hide accounts
by changing their names.
Steve Riley
steve.riley@xxxxxxxxxxxxx
http://blogs.technet.com/steriley
"Dan" <raiched@xxxxxxxxx> wrote in message
news:1184192119.416917.236270@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Can I safely change the Domain Administrator account password and
name and still have access to domain clients? I'm concerned that
once I change the administrator account I won't have access to the
clients and will have to bring them all back into the domain to get
the GPO security back. Any cached policies would still be on the
laptops untill they login into the domain correct? Do I even need
to worry about this?
I remmber the SBS 2000 domain controlers would lose there security
ID's if you renamed the Domain Administrator account after Dcpromo.
I'd like to secure the domain controllers as much as possible
without bringing the domain down for an exteneded period of time.
Thanks,
while this may be true in the civilian world, the US Gov't world
requires the built-in administrator and guest account names be
changed.
Mike
We did wonder, after changing the administrator account name, if we could
create an account called "administrator" with Guest (or even fewer)
permissions and a trivial password as we thought this might really
frustrate a hacker when they found it.
No reason why that would not be possible, as there is nothing special about
the name "administrator". Of course, it is no secret to the hacking
community that renaming the administrator and leaving a fake one for them to
fool around with is commonly done. As a bit of "security by obscurity", it
probably doesn't hurt - just as long as you do not think this is foolproof
or all you need do to secure your system.
/Al
.
- References:
- Prev by Date: Re: How do I request user right: SeShutdownPrivilege
- Next by Date: Re: How do I request user right: SeShutdownPrivilege
- Previous by thread: Re: Safely change the Administrator accounts and names 2003 server
- Next by thread: Re: Safely change the Administrator accounts and names 2003 server
- Index(es):
Relevant Pages
|
Loading
