On Thu, Jun 14, 2012 at 8:35 AM, Ziots, Edward <[email protected]> wrote:
> I would concur that both ideas are flawed. I would caution on account
> lockout because its easy to do a DDOS against accounts with lockout enabled.
>
> What I would recommend:
>
> Renaming the account and putting in a dummy administrator account which is
> disabled and only a member of the guest group is a idea: (Can look for
> attempts to login as administrator which will show up in the log and will
> tip you off as to something or someone trying to use local credentials to
> access a system.
Fails because the Administrator account because it is associated with
a well-known SID.
Monitor the account, yes
Create an account with the same privs and an innocuous name, then
disable the Administrator account, yes.
The rest of your recommendations I definitely agree with...
Kurt
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to [email protected]
with the body: unsubscribe ntsysadmin
