I'd consider that a false sense of security, for the exact reason Tony mentioned - administrator has the same RID regardless of name - any half intelligent script kiddie would hack using the RID rather than the username anyway.
------------------------------------------------------
Roger D. Seielstad - MCSE
Sr. Systems Administrator
Inovis - Formerly Harbinger and Extricity
Atlanta, GA

> -----Original Message-----
> From: Burns, Clyde [mailto:Clyde.Burns@;nortonhealthcare.org]
> Sent: Wednesday, October 23, 2002 9:22 AM
> To: [EMAIL PROTECTED]
> Subject: RE: [ActiveDir] Admin Account Trouble
>
> I have done just that for security reasons. (Rename the administrator
> account and create a dummy "Administrator" account with no real privileges.)
> It's been for situations where someone is trying to 'guess' what the
> administrator account is and let them spin their wheels harmlessly. And in
> one case where someone who I could not say 'No' to wanted to know the
> administrators account password. The guy was known as 'the tweaker' because
> he couldn't leave things alone and would never admit to changing things,
> despite being slapped with audit logs showing otherwise.
>
> -----Original Message-----
> From: Tony Murray [mailto:tony@;mail.activedir.org]
> Sent: Wednesday, October 23, 2002 8:49 AM
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Subject: Re: [ActiveDir] Admin Account Trouble
>
> Ok, so this is an old thread - sorry to raise the dead. :-)
>
> I had an idea about this. Could it be that the Administrator account has
> been renamed and new account created using the name "Administrator". Why
> anyone would want to do this I don't know, but it can be done (just tested
> it).
>
> If this is the case in your environment, it should be possible to locate the
> original Administrator account. The RID is always 500 (or 1F4 if you look
> at the string representation of objectSid using e.g. LDP.EXE).
>
> Just a thought...
>
> Tony
>
> -----Original Message-----
> From: Craig Cerino [mailto:Craig_Cerino@;Tiel.com]
> Sent: Monday, 23 September 2002 15:28
> To: [EMAIL PROTECTED]
> Subject: RE: [ActiveDir] Admin Account Trouble
>
> Dave,
>
> Anything is possible --- but I am the only one that has authority to make
> any registry changes (and haven't). Also, it doesn't matter where you are -
> console-TS session. If it's locked out --- I have to use one of the back
> door accounts I created to unlock it. Cooky.
>
> -----Original Message-----
> From: Thornley, Dave H [mailto:D.H.Thornley@;shu.ac.uk]
> Sent: Monday, September 23, 2002 9:13 AM
> To: '[EMAIL PROTECTED]'
> Subject: RE: [ActiveDir] Admin Account Trouble
>
> Craig,
> I have a very vague recollection of a utility or a Registry setting or
> something that would allow the administrator account to be locked out
> via the network, but you could always log in at the console (or
> something like that...!) Is it possible that's what's causing your
> problems?
>
> dave
>
> -----Original Message-----
> From: Craig Cerino [mailto:Craig_Cerino@;Tiel.com]
> Sent: 23 September 2002 13:36
> To: [EMAIL PROTECTED]
> Subject: RE: [ActiveDir] Admin Account Trouble
>
> Rick -- that's what I thought but I am here to tell you the built in
> administrator account can ABSOLUTELY become locked out.
>
> I see it all the time. One of our smaller separate networks (built in)
> Administrator account gets locked out all the time.
>
> It's actually pretty weird and I've been working for a while now trying
> to figure out WHY this is happening.
>
> Craig
>
> -----Original Message-----
> From: Rick Kingslan [mailto:rkingsla@;cox.net]
> Sent: Friday, September 20, 2002 8:48 PM
> To: [EMAIL PROTECTED]
> Subject: RE: [ActiveDir] Admin Account Trouble
>
> Craig,
>
> Can't happen - the Administrator account can't be locked out. Which, if
> you think about it is the reason that it's attacked over any other
> potential admin equivalent account. If the account 'Rick' is an admin
> equiv but has a lockout of 3 attempts, I may as well go after the
> Administrator who won't lockout even though I'm going after it with a
> full onslaught brute force dictionary attack with my mongo dictionary
> with all possible replacement text. By open of business Monday the
> administrator account has taken on millions of password attempts.
>
> Yeah, it's kind of a small problem.
>
> Rick Kingslan - Microsoft MVP [Windows NT/2000]
> Microsoft Certified Trainer
> MCSA, MCSE+I - Windows NT / 2000
>
> "Any sufficiently advanced technology
> is indistinguishable from magic."
> --- Arthur C. Clarke
>
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:ActiveDir-owner@;mail.activedir.org] On Behalf Of Craig Cerino
> > Sent: Friday, September 20, 2002 12:16 PM
> > To: [EMAIL PROTECTED]
> > Subject: RE: [ActiveDir] Admin Account Trouble
> >
> > I REALLY don't mean to be insulting -- but is it locked out?
> >
> > -----Original Message-----
> > From: Michael Payne [mailto:mpayne@;amocofcu.org]
> > Sent: Friday, September 20, 2002 12:43 PM
> > To: [EMAIL PROTECTED]
> > Subject: [ActiveDir] Admin Account Trouble
> >
> > Hello Everyone,
> >
> > My administrator account (Windows 2000 server) can not access
> > the group policies for the Domain\ Domain Controller. I can
> > not install software nor does the hardware wizard respond.
> > Any ideas or suggestions? I would appreciate any advice.
> >
> > Thanks in advance,
> >
> > Mike
> > List info : http://www.activedir.org/mail_list.htm
> > List FAQ : http://www.activedir.org/list_faq.htm
> > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
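
Added example, not part of the original thread: Tony's suggestion of locating the original Administrator account by its RID, sketched in Python over binary objectSid values, so a renamed built-in account and a decoy named "Administrator" can be told apart. The account names, the hex SIDs and the helper `classify` are constructed for illustration.

```python
import struct

BUILTIN_ADMIN_RID = 500  # 0x1F4, the RID quoted in the thread

def parse_sid(raw: bytes):
    """Decode a binary objectSid into (revision, authority, sub_authorities)."""
    if len(raw) < 8 or len(raw) != 8 + 4 * raw[1]:
        raise ValueError("malformed SID")
    authority = int.from_bytes(raw[2:8], "big")        # 48-bit, big-endian
    subs = struct.unpack("<%dI" % raw[1], raw[8:])     # 32-bit, little-endian
    return raw[0], authority, subs

def sid_to_string(raw: bytes) -> str:
    """Render the SID in its usual S-1-5-21-... string form."""
    rev, auth, subs = parse_sid(raw)
    return "-".join(["S", str(rev), str(auth)] + [str(s) for s in subs])

def is_builtin_admin(raw: bytes) -> bool:
    """True for a domain or machine SID (S-1-5-21-x-y-z-RID) whose RID is 500."""
    _, auth, subs = parse_sid(raw)
    return (auth == 5 and len(subs) == 5 and subs[0] == 21
            and subs[-1] == BUILTIN_ADMIN_RID)

def classify(entries):
    """Split (name, objectSid) pairs into real built-in admins and name-only decoys."""
    real, decoys = [], []
    for name, raw in entries:
        if is_builtin_admin(raw):
            real.append(name)
        elif name.lower() == "administrator":
            decoys.append(name)
    return real, decoys

# Constructed sample data: domain S-1-5-21-1000-2000-3000, hypothetical account names.
DOMAIN = "010500000000000515000000E8030000D0070000B80B0000"
SAMPLE = [
    ("Administrator", bytes.fromhex(DOMAIN + "51040000")),  # decoy, RID 1105
    ("svc-ops",       bytes.fromhex(DOMAIN + "F4010000")),  # renamed built-in, RID 500
    ("jdoe",          bytes.fromhex(DOMAIN + "52040000")),  # ordinary user, RID 1106
]

if __name__ == "__main__":
    for name, raw in SAMPLE:
        print(f"{name:15} {sid_to_string(raw)}")
    real, decoys = classify(SAMPLE)
    print("built-in admin:", real, "decoys:", decoys)
```

In the raw bytes the RID is stored little-endian, so 0x1F4 appears as F4 01 00 00 at the end of the value.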
