[windows2000] Re: Changing Domain Administrator account name
- From: Bill Beckett <Bill.beckett@xxxxxxxxxxxxxxxxx>
- To: "'windows2000@xxxxxxxxxxxxx'" <windows2000@xxxxxxxxxxxxx>
- Date: Fri, 20 Aug 2004 16:28:56 -0400
Speaking of admin account. What is the exploit that allows a readout of
local users on an internet exposed machine against a Windows box? My boss
doesn't believe me.
-----Original Message-----
From: Sullivan, Glenn [mailto:GSullivan@xxxxxxxxxxxxxx]
Sent: Friday, August 20, 2004 11:30 AM
To: windows2000@xxxxxxxxxxxxx
Subject: [windows2000] Re: Changing Domain Administrator account name
You've got it right on all accounts... yes, that is how you rename it, and
yes, the "separate account" method is a "Best Practice" that is good to
follow.
Not easy to follow, especially if you don't start off that way. But with
the advent of "Run As" and "Manage Your Server" it is now much easier...
HTH,
Glenn Sullivan, MCSE+I MCDBA
David Clark Company Inc.
_____
From: windows2000-bounce@xxxxxxxxxxxxx
[mailto:windows2000-bounce@xxxxxxxxxxxxx] On Behalf Of Jonathan Jesse
Posted At: Friday, August 20, 2004 11:22 AM
Posted To: Windows 2000
Conversation: [windows2000] Re: Changing Domain Administrator account name
Subject: [windows2000] Re: Changing Domain Administrator account name
Pardon the ignorance, in Active Directory Users and Computers, right click
on the Administrator account and click rename?
An a follow up question, is it best practice to have a separate account that
is a member of domain administrators or use the same. For example, my day
to day account jjesse would not be a domain admin but then have a domain
admin account jjadmin or something like that I would use to work on
administrating my network? Hopefully that makes sense
Jonathan Jesse
Network Specialist
Founders Trust Personal Bank
This page and any accompanying documents contain confidential information
intended for a specific individual and purpose. If you are not the intended
recipient, you are hereby notified that any disclosure, copying,
distribution, or use of the information contained herein (including any
reliance thereon) is strictly prohibited. If you received this transmission
in error, please immediately contact the sender and destroy the material in
its entirety, whether in electronic or hard copy format.
_____
From: windows2000-bounce@xxxxxxxxxxxxx
[mailto:windows2000-bounce@xxxxxxxxxxxxx] On Behalf Of Sullivan, Glenn
Sent: Friday, August 20, 2004 11:16 AM
To: windows2000@xxxxxxxxxxxxx
Subject: [windows2000] Re: Changing Domain Administrator account name
If you just want to rename the administrator account, go ahead.
As a matter of fact, I highly recommend renaming the admin account,
disabling it, and then creating a new account called "Administrator" with no
rights.
Since the SID-1 account (the administrator) cannot be locked out, no matter
how many times someone tries to brute force it, it is critical that you
rename this account to something else.
And then the dummy account is a way of phishing for crackers... monitor it
for lockout/failures, and you will be on the right track.
Glenn Sullivan, MCSE+I MCDBA
David Clark Company Inc.
_____
From: windows2000-bounce@xxxxxxxxxxxxx
[mailto:windows2000-bounce@xxxxxxxxxxxxx] On Behalf Of Jonathan Jesse
Posted At: Friday, August 20, 2004 10:58 AM
Posted To: Windows 2000
Conversation: [windows2000] Changing Domain Administrator account name
Subject: [windows2000] Changing Domain Administrator account name
Was recently asked by my boss to look into changing the domain administrator
account from administrator to something else. Could someone point me to
some documentation, haven't found any so far on Microsoft's site, but I'm
just starting
Thanks in advance,
Jonathan Jesse
Network Specialist
Founders Trust Personal Bank
This page and any accompanying documents contain confidential information
intended for a specific individual and purpose. If you are not the intended
recipient, you are hereby notified that any disclosure, copying,
distribution, or use of the information contained herein (including any
reliance thereon) is strictly prohibited. If you received this transmission
in error, please immediately contact the sender and destroy the material in
its entirety, whether in electronic or hard copy format.
Other related posts:
