Hm... Interesting. I wonder if anything has changed in the logic since that was written in 2005?
I do get what he's saying. If the built-in admin account has no password, then it can't be used across the network (at least not by default). But if you've followed their advice and disabled that account completely, then that's not really a concern. I also understand his point about account lockouts. Our students here intentionally lock out accounts in order to disable them, which is just the sort of attack he's warning about. And if a password is strong, it would take so long to crack-even with advanced computing power-that locking out the account wouldn't serve much purpose. But computing power has increased since 2005, so I wonder if that still holds true. And regardless, the state IT auditors expect us to have lockouts enabled because they consider it a best practice. John Hornbuckle, MSMIS, PMP MIS Department Taylor County School District www.taylor.k12.fl.us From: Christopher Bodnar [mailto:[email protected]] Sent: Thursday, June 14, 2012 9:05 AM To: NT System Admin Issues Subject: What is your take on this (built-in admin password and account lockout) One of our VP's just ran across this article and is asking for my input: http://technet.microsoft.com/en-us/library/cc512606.aspx Which seems to be recommending two things: Leave the built-in administrator password blank There is no need for account lockout to be enabled I disagree with both assumptions. I also find it odd that this is a MS recommendation. I'd like to hear others thoughts on these comments. Thanks, Christopher Bodnar Enterprise Achitect I, Corporate Office of Technology:Enterprise Architecture and Engineering Services Tel 610-807-6459 3900 Burgess Place, Bethlehem, PA 18017 [email protected]<mailto:> [cid:[email protected]] The Guardian Life Insurance Company of America www.guardianlife.com<http://www.guardianlife.com/> ----------------------------------------- This message, and any attachments to it, may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are notified that any use, dissemination, distribution, copying, or communication of this message is strictly prohibited. If you have received this message in error, please notify the sender immediately by return e-mail and delete the message and any attachments. Thank you. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
<<inline: image001.jpg>>
