Besides worms etc. "obscurity" has another advantage. Footprinting is the hardest part of hacking. Not to reveal relevant information is [hopefully] not the only security, but an important line in your defense-in-depth. It just must not be so obscure that you are confusing yourself. So I suggest to disable the "-500 Admin" and to use personalized admin-accounts, especially when you have some colleges that have admin-rights too. If you are locked out, you can always use the "disabled" -500 Admin in Secure Mode. If you disable NetBIOS/anonymous bind, the (external) hacker is relatively blind, so you can even use descriptive names like "admin-daniel". To be better protected against internal attacks you can change a security descriptor in AD so the membership of your admin-group can only be read by the relevant services (I don't remember the exact title - something like "Securing AD - Day by Day operations"). But I think this is already on the evil side of hardening and the hint! was for win2000 anyway.
regards, Daniel "Derick Anderson" <[EMAIL PROTECTED]> schrieb am 15.11.05 23:24:43: > Is changing the Administrator account name really worthwhile or not? My > largely unfounded, sparsely researched opinion is this: ______________________________________________________________________ XXL-Speicher, PC-Virenschutz, Spartarife & mehr: Nur im WEB.DE Club! Jetzt gratis testen! http://freemail.web.de/home/landingpad/?mc=021130 --------------------------------------------------------------------------- ---------------------------------------------------------------------------
