I always created a new one that is called administrator and put it in the Guest group and disabled it (then tracked if anyone used it, which would tip me off that something nefarious could be up). Basically, renaming the default administrator account is at best a security-by-obscurity measure, because user2sid or sid2user is going to get me the true account of SID 500, then I could basically start cracking that account.

Z
Edward E. Ziots
Senior Informational Security Engineer
CISSP, Security+, Network+

From: [email protected]
To: [email protected]
Subject: RE: Quarterly Admin password change
Date: Mon, 16 Jan 2012 20:07:56 +0000

Shouldn’t you also disable the default local Administrator account, and create a new one, NOT named Administrator?

Joe Heaton
ITB – Windows Server Support

From: ed ziots [mailto:[email protected]]
Sent: Sunday, January 15, 2012 2:49 PM
To: Heaton, Joseph@DFG; NT System Admin Issues
Subject: RE: Quarterly Admin password change

+1, that is pretty easy one. Also make sure you rename it to something else than "Administrator" and create a dummy admin account which is only a "Guest" and disabled, and audit its attempted use for audit and incident response purposes. Also can script it out with cusrmgr.exe from the Windows 2000 resource kit.

Z

Edward E. Ziots
Senior Informational Security Engineer
CISSP, Security+, Network+

> From: [email protected]
> To: [email protected]
> Subject: RE: Quarterly Admin password change
> Date: Sun, 15 Jan 2012 22:42:35 +0000
>
> Easy to do with GPP or with a script.
>
> Regards,
>
> Michael B. Smith
> Consultant and Exchange MVP
> http://TheEssentialExchange.com
>
> -----Original Message-----
> From: Juned Shaikh [mailto:[email protected]]
> Sent: Sunday, January 15, 2012 5:16 PM
> To: NT System Admin Issues
> Subject: Quarterly Admin password change
>
> I am trying to identify how are you folks managing the security requirement
> of changing Local admin password of all servers quarterly?
>
> Thanks in advance,
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to [email protected]
> with the body: unsubscribe ntsysadmin
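
The decoy-account check discussed in this thread, as an added PowerShell example that is not from any of the posters. It assumes the decoy is a disabled local account named "Administrator", that logon success/failure auditing is enabled, and that it runs elevated on the server being checked; the variable names and the 7-day window are illustrative.

```powershell
# Added example. Assumptions: decoy account is a disabled local account named
# "Administrator"; logon auditing is enabled; run from an elevated prompt.
$DecoyName = 'Administrator'          # assumed decoy name, per the thread
$Since     = (Get-Date).AddDays(-7)   # assumed review window

# 1. The built-in administrator keeps RID 500 whatever it is renamed to,
#    so inventory it by SID rather than by name.
$local   = Get-CimInstance Win32_UserAccount -Filter "LocalAccount=True"
$builtin = $local | Where-Object { $_.SID -match '-500$' }
$decoy   = $local | Where-Object { $_.Name -eq $DecoyName }

"Built-in admin (RID 500): {0} (disabled: {1})" -f $builtin.Name, $builtin.Disabled
if ($builtin.Name -eq $DecoyName) {
    Write-Warning "RID 500 is still named '$DecoyName'; no decoy is in place."
} elseif (-not $decoy) {
    Write-Warning "No local account named '$DecoyName' exists."
} elseif (-not $decoy.Disabled) {
    Write-Warning "Decoy '$DecoyName' is enabled; it should be disabled."
}

# 2. Any logon attempt against the decoy name is worth a look.
#    4625 = failed logon, 4624 = successful logon.
#    On a domain member, check the Domain column: a domain account with the
#    same name also matches on TargetUserName.
$filter = @{ LogName = 'Security'; Id = 4624, 4625; StartTime = $Since }
$hits = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    ForEach-Object {
        $data = @{}
        foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) {
            $data[$d.Name] = $d.'#text'
        }
        if ($data['TargetUserName'] -eq $DecoyName) {
            [pscustomobject]@{
                Time        = $_.TimeCreated
                EventId     = $_.Id
                Domain      = $data['TargetDomainName']
                LogonType   = $data['LogonType']
                SourceIp    = $data['IpAddress']
                Workstation = $data['WorkstationName']
            }
        }
    }

if ($hits) { $hits | Sort-Object Time | Format-Table -AutoSize }
else       { "No logon attempts against '$DecoyName' since $Since." }
```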
