Here's the thing. Renaming the built in administrator account is futile - it always has the same SID, and therefor the name is irrelevant. Once you know the SID, that and the password is all you need.
A better solution is to just set a complex password and enable administrator account lockout. That will keep most people out. The best solution is to disable the built in, create a separate one that has local admin rights, and use an obscure password there, again with the account being able to be locked out due to password failure. ------------------------------------------------------ Roger D. Seielstad - MCSE Sr. Systems Administrator Inovis - Formerly Harbinger and Extricity Atlanta, GA > -----Original Message----- > From: Lum, David [mailto:[EMAIL PROTECTED]] > Sent: Monday, February 03, 2003 2:43 PM > To: NT 2000 Discussions > Subject: RE: local admin account policy > > > Thanks, I do know how to do that, I was just wondering if > anyone actually > did this in practice or if it's overkill as Roger suggests. > If it's really > unnecessary I'd like to know that too. > > Dave Lum - [EMAIL PROTECTED] > Sr. Network Specialist - Textron Financial > 503-675-5510 > > > -----Original Message----- > From: Samir Chalhoub [mailto:[EMAIL PROTECTED]] > Sent: Monday, February 03, 2003 11:32 AM > To: NT 2000 Discussions > Subject: Re: local admin account policy > > > > If you want to secure your desktops. > > You can write a script (WSH or VBS) to change the name and > password for > administrator account. > > So, You can create a Global Group, like as DesktopAdmins, and > set as members > > your analyst support staff. > > After that you should make this Global Group member of > Administrators local > group of all desktops of your network. > > Samir > From - Brazil > > > > > > > > > > > > >From: "Lum, David" <[EMAIL PROTECTED]> > >Reply-To: "NT 2000 Discussions" <[EMAIL PROTECTED]> > >To: "NT 2000 Discussions" <[EMAIL PROTECTED]> > >Subject: local admin account policy > >Date: Mon, 3 Feb 2003 11:16:45 -0600 > > > >What do you guys use for a policy on the local administrator > account for > >NT4 > >/ W2K boxes? Renaming the account is a given, but do you change that > >password on occasion? With a few hundred boxes I could see > this becoming an > >issue even if the password change is scripted. > > > >Dave Lum - [EMAIL PROTECTED] > >Sr. Network Specialist - Textron Financial > >503-675-5510 > > > >------ > >You are subscribed as [EMAIL PROTECTED] > >Archives: http://www.swynk.com/sitesearch/search.asp > >To unsubscribe send a blank email to %%email.unsub%% > > > _________________________________________________________________ > MSN Hotmail, o maior webmail do Brasil. http://www.hotmail.com > > > ------ > You are subscribed as [EMAIL PROTECTED] > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe send a blank email to %%email.unsub%% > > ------ > You are subscribed as [EMAIL PROTECTED] > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe send a blank email to %%email.unsub%% > ------ You are subscribed as [email protected] Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe send a blank email to [EMAIL PROTECTED]
