[gptalk] Re: Trying to rename admin account

  • From: "Jakob H. Heidelberg" <jhh@xxxxxxxxxxxxxxx>
  • To: <gptalk@xxxxxxxxxxxxx>
  • Date: Wed, 9 Apr 2008 15:01:14 +0200

A couple of things - 

 

1)      If you are trying to rename the Administrator accounts (both local
and domain) remember that security is not a great deal better because the
SIDs stay the same (easy job for any hacker to get the new name anyway).

2)      If you are trying to rename the DOMAIN Administrator only, you must
link the policy to the Domain Controllers OU only.

3)      If you are trying to rename the LOCAL Administrator accounts on your
Windows clients/member server, do NOT hit the Domain Controllers OU in any
way (use OUs for the computers or some other filtering method (WMI or
Security)). 

4)      When testing rename of the LOCAL Administrator account be sure to
change the "Log on to" drop down box on the Security Dialog to "This
machine" (cannot be done on Domain Controllers of course).

5)      My experience is that you'll need to restart the computers to be sure
the policy has applied 100%. You will be able to log on using the
"administrator" name until the reboot is done - that's my experience anyway.

6)      Be sure to test in an ISOLATED test environment before going live
with this in production.

 

Hope that helps? :)

 

 

Best regards

 

Jakob H. Heidelberg

MVP:Enterprise Security
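
A check for whether the rename has actually landed on a member server or client, as an added example that is not part of the original thread: it finds the built-in Administrator by its fixed RID 500 (the SID point in item 1) and compares its current name with the one set in the GPO. `$ExpectedName` and the helper name `Get-RenameState` are placeholders chosen here; it assumes Windows PowerShell 5.1 or later (for `Get-LocalUser`), an English default account name, and an elevated prompt for the `gpresult` call.

```powershell
# Added example, not from the thread. Run on a member server or client
# (domain controllers have no local accounts).
param(
    # Placeholder: the name entered in the rename policy setting.
    [string]$ExpectedName = 'renamed-admin-placeholder'
)

function Get-RenameState {   # hypothetical helper name
    param([string]$CurrentName, [string]$ExpectedName)
    if ($CurrentName -ieq $ExpectedName)   { return 'Applied' }
    if ($CurrentName -ieq 'Administrator') { return 'NotApplied' }
    return 'UnexpectedName'
}

# The built-in Administrator keeps RID 500 whatever it is called, so look it
# up by SID instead of by name.
$builtin = Get-LocalUser | Where-Object { $_.SID.Value -match '^S-1-5-21-.+-500$' }
if (-not $builtin) { throw 'No local account with RID 500 found.' }

# After a successful rename the old name should no longer resolve locally
# (unless someone has since created a separate account with that name).
$oldName = Get-LocalUser -Name 'Administrator' -ErrorAction SilentlyContinue

[pscustomobject]@{
    Computer        = $env:COMPUTERNAME
    Sid             = $builtin.SID.Value
    CurrentName     = $builtin.Name
    ExpectedName    = $ExpectedName
    State           = Get-RenameState $builtin.Name $ExpectedName
    OldNameResolves = [bool]$oldName
    Enabled         = $builtin.Enabled
}

# Computer-scope policy summary: shows which GPOs this machine applied and
# when, which matters because the rename is a per-computer setting.
gpresult /r /scope computer
```

A `State` of `NotApplied` together with the GPO missing from the `gpresult` list points at linking or filtering; `NotApplied` with the GPO listed points at a pending refresh or reboot.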

 

 

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Craig Meyer
Sent: 9. april 2008 09:50
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Trying to rename admin account

 

Hi
 
After the reboot I can still log in with administrator as the username and
the password



Craig Meyer 

 

 


  _____  


From: darren@xxxxxxxxxx
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Trying to rename admin account
Date: Tue, 8 Apr 2008 06:59:10 -0700

One thing to note is that policy is a per-computer policy, which means it
requires either a background refresh of GP or, more likely, you need to
reboot the target computer to pick up the new name.

 

Also, I'm curious why you first created the GPO linked to the DCs OU. Are
you really intending to rename the domain Administrator account as well?

 

Darren

 

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Craig Meyer
Sent: Tuesday, April 08, 2008 4:33 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Trying to rename admin account

 

I logged on the DC with the admin account to configure everything in AD and
GPMC. Then I logged on the server (separate pc in the OU) to test if I can
log in with the admin account and I could.

Craig Meyer 

 

 


  _____  


Subject: [gptalk] Re: Trying to rename admin account
Date: Tue, 8 Apr 2008 06:27:56 -0500
From: shane.williford@xxxxxxxxxx
To: gptalk@xxxxxxxxxxxxx

Are you logging on with a local or domain admin account?

 

Shane M. Williford

Systems Administrator

MCSE, MCSA Sec, Sec+, Net+, A+

Mazuma Credit Union

shane.williford@xxxxxxxxxx

816-361-4194 x6012


  _____  


From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Craig Meyer
Sent: Tuesday, April 08, 2008 6:26 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Trying to rename admin account

 

Hi all
 
Been trying to rename the admin account to something else through a GPO. I
do the following: 
 
Right-click on Domain controllers OU in AD > Properties > GP tab > Open >
Exp GPO > Create new GPO and call it Rename Admin Account > Right-click GPO
> edit > comp config > win settings > secu settings > local policies > sec
options > double click rename administrator account > define this policy
setting > type the name that I want and click OK all the way out.
 
 
Create a new OU and move one pc (has 2003 on it) to the OU because I only
want to test this on one pc in the domain. Right-click on the OU in AD >
Properties > GP tab > Open > Right-click OU > Link an existing GP > Rename
admin account > Ok...Close all the way out
 
If I log out and try to log in with the username administrator and the
password it still allows me to. What am I doing wrong?

Craig Meyer 

 

