"Anything that specifically uses the domain Administrator account by name should be taken out and shot."
LOL!!! Edwin, you are obviously the "more experienced AD administrator". I think that is one of the very first things to be taught in AD courses. A true experienced AD admin "should" know that. Good luck! Samantha (I always get a good information and good laughs from this list....thanks!) -----Original Message----- From: Tony Murray [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 21, 2004 7:55 AM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] Renaming the Administrator account Anything that specifically uses the domain Administrator account by name should be taken out and shot. You should have no problems with renaming the account. Here's something from Microsoft which suggests (as you do) that it would be a best practice. http://www.microsoft.com/technet/Security/topics/issues/w2kccscg/w2kscgc d.mspx Tony ---------- Original Message ---------------------------------- Wrom: LSZLKBRNVWWCUFPEGAUTFJMVRESKPN Reply-To: [EMAIL PROTECTED] Date: Wed, 21 Jul 2004 07:37:48 -0400 I have always renamed the default Administrator account on every system build I have performed for security reasons. I did the same on the domain but was then scolded by a more experienced AD Administrator. The reason given to me was because there are parts of AD that authenticate or use the SID of the administrator account while other areas may use the "Administrator" username explicitly. If I were to rename the default Administrator account then those references that call the username explicitly may fail. I am still new to AD so I took the above warning with caution and therefore renamed the default user back to its original settings. I would appreciate anyone's input on the above. I would like to rename the Administrator account as part of best practices but if it may cause problems then of course this would not be an option. However, I have a hard time understanding why renaming the account could cause potential problems. I would think that any reference to the Administrator account would be made by the SID and if any call to the username itself was made, it would access a database that was populated with the correct information as it was changed. The only information I have about renaming the account is above. Thank you all for your responses. Edwin ________________________________________________________________ Sent via the WebMail system at mail.activedir.org List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
