Re: Rename Domain Admin Account



Some people believe in it, some don't. What's the main reason?

Of course you can rename the account. However, before the attack I would search for the account that contains the RID of 500.

Read the rootDSE to get the domain part of the SID:

16-Jun-2008 22:01:42.51
[RFSRWDC1] C:\>adfind -default -s base objectSid

AdFind V01.37.00cpp Joe Richards (joe@xxxxxxxxxxx) June 2007

Using server: RFSRWDC1.ADCORP.LAB:389
Directory: Windows Longhorn
Base DN: DC=ADCORP,DC=LAB

dn:DC=ADCORP,DC=LAB
objectSid: S-1-5-21-2524662531-667181895-3648062849


1 Objects returned


Add the -500 part to the domain SID, which is the default administrator account:

16-Jun-2008 22:01:44.67
[RFSRWDC1] C:\>adfind -default -f "objectSID=S-1-5-21-2524662531-667181895-3648062849-500" sAMAccountName

AdFind V01.37.00cpp Joe Richards (joe@xxxxxxxxxxx) June 2007

Using server: RFSRWDC1.ADCORP.LAB:389
Directory: Windows Longhorn
Base DN: DC=ADCORP,DC=LAB

dn:CN=ADM.ROOT,CN=Users,DC=ADCORP,DC=LAB
sAMAccountName: ADM.ROOT


1 Objects returned

16-Jun-2008 22:01:55.15
[RFSRWDC1] C:\>

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Identity & Access - Directory Services #

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* How to ask a question --> http://support.microsoft.com/?id=555375
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test ANY suggestion in a test environment before implementing!
------------------------------------------------------------------------------------------
"Thor Kottelin" <thor@xxxxxxxx> wrote in message news:Och$Dc1zIHA.4876@xxxxxxxxxxxxxxxxxxxxxxx
"Steve Riley [MSFT]" <steve.riley@xxxxxxxxxxxxx> wrote in message news:4EE787A3-3873-4A08-88FD-73780453DD43@xxxxxxxxxxxxxxxx

Renaming the account doesn't increase its security. Use a good (meaning long) passphrase and leave the account name at its default.

Hi Steve,

According to Microsoft, renaming the Administrator account is a "very simple yet effective procedure that should be a standard part of the hardening process for all servers" [1].

Since there usually, AFAIK, is no drawback, I do not see why renaming should be discouraged.

--
Thor Kottelin
http://www.anta.net/

Antivirus, firewall, parental control: http://www.anta.net/sw/norman/


[1] http://www.microsoft.com/technet/serviceproviders/hmc4/CMSU_CM_Plan_CONC_Baseline_Server_Hardening.mspx?mfr=true
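Added example, not part of the original post or of AdFind: the RID-500 lookup shown in the AdFind session above, written as an audit check that decodes binary objectSid values and identifies the built-in administrator by SID instead of by name. The function names and the sample entries are constructed for illustration; only the domain SID and the ADM.ROOT name come from the post.

```python
import struct

BUILTIN_ADMIN_RID = 500  # well-known RID of the default Administrator account
DOMAIN_SID = "S-1-5-21-2524662531-667181895-3648062849"  # domain SID from the post

def str_to_sid(text):
    """Encode an S-R-A-s1-s2... string into the binary form stored in objectSid."""
    parts = text.split("-")
    if len(parts) < 3 or parts[0] != "S":
        raise ValueError("not a SID string: %r" % text)
    subs = [int(p) for p in parts[3:]]
    return (bytes([int(parts[1]), len(subs)])          # revision, sub-authority count
            + int(parts[2]).to_bytes(6, "big")         # authority: 48-bit big-endian
            + struct.pack("<%dI" % len(subs), *subs))  # sub-authorities: 32-bit little-endian

def sid_to_str(raw):
    """Decode a binary objectSid value into S-1-5-21-... form."""
    if len(raw) < 8 or len(raw) != 8 + 4 * raw[1]:
        raise ValueError("malformed SID")
    subs = struct.unpack("<%dI" % raw[1], raw[8:])
    head = "S-%d-%d" % (raw[0], int.from_bytes(raw[2:8], "big"))
    return head + "".join("-%d" % s for s in subs)

def find_builtin_admin(domain_sid, entries):
    """Return the names whose SID is <domain SID>-500, whatever they are called."""
    target = "%s-%d" % (domain_sid, BUILTIN_ADMIN_RID)
    return [name for name, raw in entries if sid_to_str(raw) == target]

# Constructed sample directory: (sAMAccountName, binary objectSid) pairs.
ENTRIES = [
    ("Administrator", str_to_sid(DOMAIN_SID + "-1105")),  # constructed decoy account
    ("ADM.ROOT", str_to_sid(DOMAIN_SID + "-500")),        # renamed account from the post
    ("krbtgt", str_to_sid(DOMAIN_SID + "-502")),          # constructed entry
]

if __name__ == "__main__":
    print(find_builtin_admin(DOMAIN_SID, ENTRIES))
```

The same SID comparison can be applied to the SID fields of logon events, so monitoring of the built-in account does not depend on its current name.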

