[windows2000] Re: Changing Domain Administrator account name

  • From: "Sullivan, Glenn" <GSullivan@xxxxxxxxxxxxxx>
  • To: <windows2000@xxxxxxxxxxxxx>
  • Date: Fri, 20 Aug 2004 21:42:32 -0400

That's called Null Session Enumeration.
 
The GFI Languard Network Scanner can be set up to connect via null
session, and enumerate from there.  Download it, and fire it at his
unprotected, outward facing IP address.
 
WinXP and Win2003 have Null Sessions disabled by default.  All others
have it enabled by default, but the registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\RestrictAnonymous
is used to disable it.

See http://tinyurl.com/ssd7
 

Glenn Sullivan, MCSE+I  MCDBA
David Clark Company Inc. 
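
The RestrictAnonymous setting named in the message above can be audited with a short script. This is an added example, not part of the original post: it assumes a Windows host with PowerShell, and the RestrictAnonymousSAM value and the value meanings in the comments come from Microsoft's documentation of the LSA key, not from the thread.

```powershell
# Added example: report the anonymous-access (null session) settings under the LSA key.
$lsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

function Get-LsaDword {
    param([string]$Name)
    # $null means the value is absent, which is distinct from an explicit 0.
    $item = Get-ItemProperty -Path $lsaKey -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

function Test-NullSessionExposure {
    # RestrictAnonymous:    0 = rely on default permissions
    #                       1 = do not allow enumeration of SAM accounts and shares
    #                       2 = no access without explicit anonymous permissions (Windows 2000)
    # RestrictAnonymousSAM: 1 = no anonymous enumeration of SAM accounts (Windows XP / Server 2003 and later)
    $ra  = Get-LsaDword -Name 'RestrictAnonymous'
    $ras = Get-LsaDword -Name 'RestrictAnonymousSAM'

    $findings = @()
    if ($null -eq $ra -or $ra -eq 0) {
        $findings += 'RestrictAnonymous is 0 or not set.'
    }
    if ($null -eq $ras -or $ras -eq 0) {
        $findings += 'RestrictAnonymousSAM is 0 or not set.'
    }

    [pscustomobject]@{
        Computer                 = $env:COMPUTERNAME
        RestrictAnonymous        = $ra
        RestrictAnonymousSAM     = $ras
        # Account enumeration over a null session is restricted if either value is 1 or higher.
        SamEnumerationRestricted = ($ra -ge 1) -or ($ras -ge 1)
        Findings                 = $findings
    }
}

Test-NullSessionExposure | Format-List

# To set the value the post refers to (run elevated; test first, since older clients
# and applications may depend on anonymous access):
# Set-ItemProperty -Path $lsaKey -Name 'RestrictAnonymous' -Value 1 -Type DWord
```
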

 

________________________________

From: windows2000-bounce@xxxxxxxxxxxxx
[mailto:windows2000-bounce@xxxxxxxxxxxxx] On Behalf Of Bill Beckett
Posted At: Friday, August 20, 2004 4:29 PM
Posted To: Windows 2000
Conversation: [windows2000] Re: Changing Domain Administrator account
name
Subject: [windows2000] Re: Changing Domain Administrator account name


Speaking of admin account. What is the exploit that allows a readout of
local users on an internet exposed machine against a Windows box? My
boss doesn't believe me.

        -----Original Message-----
        From: Sullivan, Glenn [mailto:GSullivan@xxxxxxxxxxxxxx] 
        Sent: Friday, August 20, 2004 11:30 AM
        To: windows2000@xxxxxxxxxxxxx
        Subject: [windows2000] Re: Changing Domain Administrator account
name
        
        
        You've got it right on all accounts... yes, that is how you
rename it, and yes, the "separate account" method is a "Best Practice"
that is good to follow.
         
        Not easy to follow, especially if you don't start off that way.
But with the advent of "Run As" and "Manage Your Server" it is now much
easier...
         
        HTH,

        Glenn Sullivan, MCSE+I  MCDBA
        David Clark Company Inc. 

         

________________________________

        From: windows2000-bounce@xxxxxxxxxxxxx
[mailto:windows2000-bounce@xxxxxxxxxxxxx] On Behalf Of Jonathan Jesse
        Posted At: Friday, August 20, 2004 11:22 AM
        Posted To: Windows 2000
        Conversation: [windows2000] Re: Changing Domain Administrator
account name
        Subject: [windows2000] Re: Changing Domain Administrator account
name
        
        

        Pardon the ignorance, in Active Directory Users and Computers,
right click on the Administrator account and click rename?

         

        As a follow-up question, is it best practice to have a separate
account that is a member of domain administrators or use the same.  For
example, my day to day account jjesse would not be a domain admin but
then have a domain admin account jjadmin or something like that I would
use to work on administrating my network?  Hopefully that makes sense

         

        Jonathan Jesse

        Network Specialist

        Founders Trust Personal Bank

         

        This page and any accompanying documents contain confidential
information intended for a specific individual and purpose.  If you are
not the intended recipient, you are hereby notified that any disclosure,
copying, distribution, or use of the information contained herein
(including any reliance thereon) is strictly prohibited.  If you
received this transmission in error, please immediately contact the
sender and destroy the material in its entirety, whether in electronic
or hard copy format.  

        ________________________________

                From: windows2000-bounce@xxxxxxxxxxxxx
[mailto:windows2000-bounce@xxxxxxxxxxxxx] On Behalf Of Sullivan, Glenn
        Sent: Friday, August 20, 2004 11:16 AM
        To: windows2000@xxxxxxxxxxxxx
        Subject: [windows2000] Re: Changing Domain Administrator account
name

         

        If you just want to rename the administrator account, go ahead.

         

        As a matter of fact, I highly recommend renaming the admin
account, disabling it, and then creating a new account called
"Administrator" with no rights.

         

        Since the SID-1 account (the administrator) cannot be locked
out, no matter how many times someone tries to brute force it, it is
critical that you rename this account to something else.

         

        And then the dummy account is a way of phishing for crackers...
monitor it for lockout/failures, and you will be on the right track.

         

        Glenn Sullivan, MCSE+I  MCDBA
        David Clark Company Inc. 

         

         

        ________________________________

                From: windows2000-bounce@xxxxxxxxxxxxx
[mailto:windows2000-bounce@xxxxxxxxxxxxx] On Behalf Of Jonathan Jesse
        Posted At: Friday, August 20, 2004 10:58 AM
        Posted To: Windows 2000
        Conversation: [windows2000] Changing Domain Administrator
account name
        Subject: [windows2000] Changing Domain Administrator account
name

        Was recently asked by my boss to look into changing the domain
administrator account from administrator to something else.  Could
someone point me to some documentation, haven't found any so far on
Microsoft's site, but I'm just starting

         

        Thanks in advance,

         

        Jonathan Jesse

        Network Specialist

        Founders Trust Personal Bank
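
The decoy "Administrator" account suggested earlier in the thread is only useful if its failures and lockouts are actually reviewed. The script below is an added example, not part of the thread: it assumes a current Windows host where failed logons are Security event 4625 and lockouts are event 4740, a decoy named `Administrator`, and an elevated PowerShell session. The 24-hour window is an arbitrary choice.

```powershell
# Added example: summarise failed logons and lockouts against the decoy account.
$decoy = 'Administrator'              # name of the no-rights decoy account (from the post)
$since = (Get-Date).AddHours(-24)     # review window (assumption)

function Get-EventField {
    param($Record, [string]$Name)
    # Pull one named <Data> field out of the event's XML payload.
    $xml = [xml]$Record.ToXml()
    ($xml.Event.EventData.Data | Where-Object { $_.Name -eq $Name }).'#text'
}

function Get-DecoyActivity {
    # 4625 = failed logon, 4740 = account locked out.
    $filter = @{ LogName = 'Security'; Id = 4625, 4740; StartTime = $since }
    $events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

    foreach ($e in $events) {
        if ((Get-EventField $e 'TargetUserName') -ne $decoy) { continue }
        [pscustomobject]@{
            Time        = $e.TimeCreated
            EventId     = $e.Id
            # Source address and workstation are present on 4625 and empty on 4740.
            Source      = Get-EventField $e 'IpAddress'
            Workstation = Get-EventField $e 'WorkstationName'
        }
    }
}

$hits = @(Get-DecoyActivity)
"{0} event(s) against decoy account '{1}' since {2}" -f $hits.Count, $decoy, $since

# Any hit is worth a look: nobody legitimate should be logging on as the decoy.
$hits | Group-Object Source | Sort-Object Count -Descending |
    Select-Object Count, @{ Name = 'Source'; Expression = { $_.Name } }
```
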

         


         
