FYI, you can delete the administrator account with a free third party utility. I forget its name off the top of my head, but it's discussed in Hacking Exposed Windows 2000.
Of course, I've never been brave enough to try it in a production environment.

Roger

*Roger A. Grimes, Computer Security Consultant
*CPA, MCSE (NT/2000), CNE (3/4), A+
*email: [EMAIL PROTECTED]
*cell: 757-615-3355
*Author of Malicious Mobile Code: Virus Protection for Windows by O'Reilly
*http://www.oreilly.com/catalog/malmobcode

----- Original Message -----
From: "Paris Stone" <[EMAIL PROTECTED]>
To: "stephen at unix dot za dot net" <[EMAIL PROTECTED]>; "dave" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Wednesday, June 04, 2003 1:59 PM
Subject: RE: About default sharing folders in Windows

> Can't delete Administrator or Guest. Rename & Disable them, then create dummy
> accounts with those two default names. All acl's are checked against the SID's not
> the actual name and the SID's won't change with a rename. Therefore if you can't
> delete it and renaming it won't remove the assignments, you're hosed. There are
> tools out there that will scan your filesystem for rights, can't remember any just
> now. Audit the system and manually remove rights.
>
> stephen at unix dot za dot net ([EMAIL PROTECTED]) wrote:
> >
> >how about deleting the administrator account (killing that sid)
> >recreating a new account, redoing the privileges for that account,
> >and adding the new username to the administrator or appropriate group.
> >
> >then 'hack the registry' :D
> >
> >then you should be left with a box with no default shares,
> >administrator/guest default accounts are non-existent, and the new ones
> >have new SIDs.
> >
> >that a possible solution?
> >
> >oh yeh, this is my first post :D
> >
> >stephen
> >
> >[EMAIL PROTECTED]
> >tel: (031) 207 4811
> >
> >On Tue, 3 Jun 2003, dave wrote:
> >
> >> It is best to "disable" the built in administrator account.
> >>
> >> Dave
> >>
> >> _____________________
> >> Dave Kleiman
> >> [EMAIL PROTECTED]
> >> www.netmedic.net
> >>
> >> -----Original Message-----
> >> From: David Gillett [mailto:[EMAIL PROTECTED]
> >> Sent: Monday, June 02, 2003 17:38
> >> To: [EMAIL PROTECTED]
> >> Subject: RE: About default sharing folders in Windows
> >>
> >> > I strongly suggest renaming the local Administrator and Guest account
> >> > to something that is not easily guessed at. In addition, you should
> >> > probably create "dummy" accounts named "Administrator" and "Guest"
> >> > that have no rights/no group memberships and are disabled. Monitor
> >> > the dummy accounts closely for log in attempts.
> >>
> >> Note that there's no point to this unless you *also* disable the ability
> >> to enumerate accounts over a null connection. The renamed Administrator
> >> account will be trivial to spot by its ID otherwise.
> >>
> >> David Gillett
>
> --
> Paris Stone
> CISSP, CCNP, CNE, MCSE
> CIW Master Administrator / Security Analyst, NSA
> http://www.ciscoinstructor.net/
> "The rich man is not the one with the most, but the one who needs the least"
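An audit of the hardening steps discussed in this thread, as an added example that is not part of the original messages: it finds the built-in accounts by the last component of their SID (500 for Administrator, 501 for Guest) rather than by name, checks the decoy accounts, and reports the LSA settings that control anonymous account enumeration. It assumes Windows PowerShell 5.1 or later with the Microsoft.PowerShell.LocalAccounts module and an elevated session; the variable names are illustrative.

```powershell
# Added example, not from the thread. Run elevated on the machine being audited.

# The last SID component (the RID) identifies the built-in accounts regardless of name.
$wellKnown = @{ '500' = 'Administrator'; '501' = 'Guest' }

$accounts = foreach ($u in Get-LocalUser) {
    $rid       = $u.SID.Value.Split('-')[-1]
    $isBuiltin = $wellKnown.ContainsKey($rid)
    # A decoy carries a default name but does not hold the well-known RID.
    $isDecoy   = (-not $isBuiltin) -and (@($wellKnown.Values) -contains $u.Name)
    if (-not ($isBuiltin -or $isDecoy)) { continue }

    $findings = @()
    if ($isBuiltin -and $u.Name -eq $wellKnown[$rid]) { $findings += 'still has default name' }
    if ($u.Enabled)                                   { $findings += 'account is enabled' }
    if ($isDecoy -and $u.LastLogon)                   { $findings += "decoy logged on $($u.LastLogon)" }

    # Failed logons (event 4625) that targeted this account name.
    $xpath  = "*[System[EventID=4625] and EventData[Data[@Name='TargetUserName']='$($u.Name)']]"
    $failed = @(Get-WinEvent -LogName Security -FilterXPath $xpath -MaxEvents 100 `
                    -ErrorAction SilentlyContinue).Count

    [pscustomobject]@{
        Name         = $u.Name
        SID          = $u.SID.Value
        Role         = if ($isBuiltin) { "built-in $($wellKnown[$rid])" } else { 'decoy' }
        Enabled      = $u.Enabled
        FailedLogons = $failed
        Findings     = $findings -join '; '
    }
}
$accounts | Format-Table -AutoSize

# Registry values that govern anonymous (null session) enumeration of accounts.
$lsa = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
[pscustomobject]@{
    RestrictAnonymous    = $lsa.RestrictAnonymous
    RestrictAnonymousSAM = $lsa.RestrictAnonymousSAM
} | Format-List
```

A renamed built-in account still shows a SID ending in -500 here, which is what an anonymous enumeration would also reveal if the two LSA values are left at 0.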
