RE: [ActiveDir] Renaming the Administrator account

[Edwin]

Excellent! Thank you everyone for your replies.  I was concerned about the information that I got but I wasn’t in a position to question it since I honestly was not 100% sure.   Now, I believe I have some good ammunition for a good argument.   Thank you Tony for that URL.   This list rocks! Edwin From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Grillenmeier, Guido Sent: Wednesday, July 21, 2004 7:57 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Renaming the Administrator account   there's no issue renaming it - in 2003 you can actually disable it to make the environment more secure (but caution - this is the only account that doesn't get locked when you have configured a lockout threshold in your PW policy)   /Guido   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Edwin Sent: Mittwoch, 21. Juli 2004 13:38 To: [EMAIL PROTECTED] Subject: [ActiveDir] Renaming the Administrator account I have always renamed the default Administrator account on every system build I have performed for security reasons.   I did the same on the domain but was then scolded by a more experienced AD Administrator.  The reason given to me was because there are parts of AD that authenticate or use the SID of the administrator account while other areas may use the “Administrator” username explicitly.  If I were to rename the default Administrator account then those references that call the username explicitly may fail.   I am still new to AD so I took the above warning with caution and therefore renamed the default user back to its original settings.   I would appreciate anyone’s input on the above.  I would like to rename the Administrator account as part of best practices but if it may cause problems then of course this would not be an option.  However, I have a hard time understanding why renaming the account could cause potential problems.  I would think that any reference to the Administrator account would be made by the SID and if any call to the username itself was made, it would access a database that was populated with the correct information as it was changed.   The only information I have about renaming the account is above.   Thank you all for your responses.   Edwin