Re: administrator account security risk
- From: "Steven L Umbach" <n9rou@xxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 13 Jan 2006 22:23:20 -0600
That is up to you. You can not delete the built in administrator account
however. In XP Pro you can use lusrmgr.msc to disable user accounts if you
do not want them to be used without deleting them. Lusrmgr.msc is not
available command but you can use the command net user to make an account
inactive. In XP Home the built in administrator account is only enabled in
Safe Mode. If you disable the built in administrator account in XP Pro it
also will only be able to be logged onto in Safe Mode though you could then
enable it again for logon to regular mode. --- Steve
"product53" <product53@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:9A3882C1-8E48-4BCF-B755-18F8606C4347@xxxxxxxxxxxxxxxx
>I do not need two admin. accounts - that's just how it is set up right now.
> I guess what I would like to know is: should I delete say (the built-in
> account) or the one I created?
>
> "Steven L Umbach" wrote:
>
>> I don't see having a problem with more than one administrator account in
>> your situation as I currently see it as long as you make sure your
>> administrator accounts have hard to guess passwords that you want to also
>> write down and save in a safe place. Some Trojans and other malware will
>> attempt to attack the administrator account with a short brute force
>> attack
>> of common passwords used by users for the administrator account in order
>> to
>> install themselves and otherwise gain administrator access to the
>> computer
>> and configure it. A complex password will mitigate that threat and also
>> the
>> threat of someone trying to access your administrative shares or Remote
>> Desktop if enabled.
>>
>> The best practice for user accounts is the principle of least privilege.
>> In
>> other words if you do not need to have administrative powers for anything
>> during your logon sessions then user a regular account and even then you
>> can
>> use "runas" to only run specific programs/tasks using your administrator
>> credentials while logged on as a regular user if the need arises. I don't
>> know why you want to block an administrator account from internet access
>> and
>> your are best off just not using it when not needed and realistically you
>> can not restrict an administrator account anyhow if the user that uses
>> the
>> administrator account knows how to use the administrator account and
>> desires
>> to do so. If you have other users on the computer that seem to need
>> administrator powers to run an application or such there may be
>> workarounds
>> that can allow the user to do what is needed without being an
>> administrator
>> depending on the operating system and network configuration. --- Steve
>>
>> http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/runas.mspx
>> --- XP runas
>>
>> "product53" <product53@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> news:4E5A30FB-B027-4AE0-85CE-D7F9107DB46A@xxxxxxxxxxxxxxxx
>> >I currently have two administrator accounts - the built-in account, and
>> >one
>> > that I created. From what I understand from Microsoft's tutorials,
>> > having
>> > two admin. accounts could pose a security risk. I no longer go online
>> > with
>> > the same account that has administrator status.
>> >
>> > My question is this: What is the most optimal & secure account
>> > configuration?
>> >
>> > Also, how do I go about (for instance, creating just one administrator
>> > account that is blocked from internet access)?
>> >
>>
>>
>>
.
- References:
- Re: administrator account security risk
- From: Steven L Umbach
- Re: administrator account security risk
- Prev by Date: Re: administrator account security risk
- Next by Date: Re: Change from Administrator to Power user
- Previous by thread: Re: administrator account security risk
- Next by thread: Re: administrator account security risk
- Index(es):
Relevant Pages
|
