Anything that specifically uses the domain Administrator account by name should be 
taken out and shot.  

You should have no problems with renaming the account.

Here's something from Microsoft which suggests (as you do) that it would be a best 
practice.

http://www.microsoft.com/technet/Security/topics/issues/w2kccscg/w2kscgcd.mspx

Tony
---------- Original Message ----------------------------------
Wrom: LSZLKBRNVWWCUFPEGAUTFJMVRESKPN
Reply-To: [EMAIL PROTECTED]
Date:  Wed, 21 Jul 2004 07:37:48 -0400

I have always renamed the default Administrator account on every system
build I have performed for security reasons.

 

I did the same on the domain but was then scolded by a more experienced AD
Administrator.  The reason given to me was because there are parts of AD
that authenticate or use the SID of the administrator account while other
areas may use the "Administrator" username explicitly.  If I were to rename
the default Administrator account then those references that call the
username explicitly may fail.

 

I am still new to AD so I took the above warning with caution and therefore
renamed the default user back to its original settings.

 

I would appreciate anyone's input on the above.  I would like to rename the
Administrator account as part of best practices but if it may cause problems
then of course this would not be an option.  However, I have a hard time
understanding why renaming the account could cause potential problems.  I
would think that any reference to the Administrator account would be made by
the SID and if any call to the username itself was made, it would access a
database that was populated with the correct information as it was changed.

 

The only information I have about renaming the account is above.

 

Thank you all for your responses.

 

Edwin



 




________________________________________________________________
Sent via the WebMail system at mail.activedir.org


 
                   
List info   : http://www.activedir.org/mail_list.htm
List FAQ    : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

Reply via email to