Re #2....why would you disable the local admin account and create a new one instead of just renaming the local admin account?
On Wed, Jan 4, 2012 at 6:04 PM, James Hill <[email protected]> wrote: > **1. **You’d still have a local admin account. I prefer to used > restricted groups GPO so that it forces the local admin memberships.**** > > **2. **Yes, not sure how really effective it is though apart from > being one more step to take when attempting a breach.**** > > ** ** > > *From:* David Lum [mailto:[email protected]] > *Sent:* Thursday, 5 January 2012 8:18 AM > > *To:* NT System Admin Issues > *Subject:* RE: GPO reset of local non-builtin accounts**** > > ** ** > > Good suggestion. Questions: > 1. If you need to log on locally and the domain is unavailable (it > happens), how do you log in?**** > > 2. Isn’t it best practice to disable the builtin admin account and use a > new local admin account with a different name?**** > > ** ** > > IIRC #2 was suggested practice years ago (I can’t remember from where).*** > * > > ** ** > > Dave**** > > ** ** > > *From:* ed ziots [mailto:[email protected]] > *Sent:* Wednesday, January 04, 2012 1:37 PM > *To:* NT System Admin Issues > *Subject:* RE: GPO reset of local non-builtin accounts**** > > ** ** > > You can use cusrmgr.exe from the Windows 2000 Resource kit tools to script > out the GPO changes. > > Better yet, as mentioned earlier it would be best to control who is in > your local administrators to domain based accounts that are added by > GPO/GPP and remove any others from those privileged groups. > > HTH, > > Sincerely, > EZ > > Edward E. Ziots > Senior Informational Security Engineer > CISSP,Security +,Network+ > > **** > > > From: [email protected] > > To: [email protected] > > Date: Wed, 4 Jan 2012 13:39:08 -0500 > > Subject: RE: GPO reset of local non-builtin accounts > > > > Then convert it to an exe or encrypt it to help keep prying eyes out of > it. > > > > http://www.abyssmedia.com/quickbfc/ > > > > > > -----Original Message----- > > From: Matthew W. Ross [mailto:[email protected]] > > Sent: Wednesday, January 04, 2012 1:37 PM > > To: NT System Admin Issues > > Subject: RE: GPO reset of local non-builtin accounts > > > > Try: > > > > net user localuser n3wP@ssw0rd > > > > > > --Matt Ross > > Ephrata School District > > > > > > ----- Original Message ----- > > From: David Lum > > [mailto:[email protected]] > > To: NT System Admin Issues > > [mailto:[email protected]] > > Sent: Wed, 04 Jan 2012 > > 10:27:38 -0800 > > Subject: RE: GPO reset of local non-builtin accounts > > > > > > > Ohh..do tell - have a script handy that I can modify? > > > > > > From: Michael B. Smith [mailto:[email protected]] > > > Sent: Wednesday, January 04, 2012 10:21 AM > > > To: NT System Admin Issues > > > Subject: RE: GPO reset of local non-builtin accounts > > > > > > Startup/boot script? > > > > > > Regards, > > > > > > Michael B. Smith > > > Consultant and Exchange MVP > > > http://TheEssentialExchange.com <http://theessentialexchange.com/> > > > > > > From: David Lum > > > [mailto:[email protected]]<mailto:[mailto:[email protected]]<[mailto:[email protected]]> > > > > > Sent: Wednesday, January 04, 2012 1:14 PM > > > To: NT System Admin Issues > > > Subject: GPO reset of local non-builtin accounts > > > > > > Is there a way to GPO a password change of added-in local machine > > > accounts if the account is the same across all systems? I can do it > > > easily enough with the BuiltIn ones, but see no GPO way to do added > ones. > > > David Lum > > > Systems Engineer // NWEATM > > > Office 503.548.5229 // Cell (voice/text) 503.267.9764 > > > > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > > > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > > > > --- > > > To manage subscriptions click here: > > > http://lyris.sunbelt-software.com/read/my_forums/ > > > or send an email to > > > [email protected]<mailto:[email protected] > > > software.com> > > > with the body: unsubscribe ntsysadmin > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > > > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > > > > --- > > > To manage subscriptions click here: > > > http://lyris.sunbelt-software.com/read/my_forums/ > > > or send an email to > > > [email protected]<mailto:[email protected] > > > software.com> > > > with the body: unsubscribe ntsysadmin > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > > > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > > > > --- > > > To manage subscriptions click here: > > > http://lyris.sunbelt-software.com/read/my_forums/ > > > or send an email to [email protected] > > > with the body: unsubscribe ntsysadmin > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ < > http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > > --- > > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > > or send an email to [email protected] > > with the body: unsubscribe ntsysadmin > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > > --- > > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > > or send an email to [email protected] > > with the body: unsubscribe ntsysadmin > > **** > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin**** > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin**** > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
