Actually Paris, you can in theory "disable" the default admin.  It just takes a few tricks.


 
_____________________
Dave Kleiman
[EMAIL PROTECTED]
www.netmedic.net

 


-----Original Message-----
From: Paris Stone [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, June 04, 2003 13:59
To: stephen at unix dot za dot net; dave
Cc: [EMAIL PROTECTED]
Subject: RE: About default sharing folders in Windows

Can't delete Administrator or Guest.  Rename & Disable them, then create dummy
accounts with those two default names.  All ACLs are checked against the SIDs, not
the actual name, and the SIDs won't change with a rename.  Therefore if you can't
delete it and renaming it won't remove the assignments, you're hosed.  There are
tools out there that will scan your filesystem for rights, can't remember any just
now.  Audit the system and manually remove rights.

stephen at unix dot za dot net ([EMAIL PROTECTED]) wrote:
>
>
>how about deleting the administrator account (killing that sid)
>recreating a new account, redoing the privileges for that account,
>and adding the new username to the administrator or appropriate group.
>
>then 'hack the registry'  :D
>
>then you should be left with a box with no default shares,
>administrator/guest default accounts are non-existent, and the new ones
>have new SIDs.
>
>that a possible solution?
>
>oh yeh,   this is my first post  :D
>
>
>stephen
>
>
>
>[EMAIL PROTECTED]
>tel: (031) 207 4811
>
>
>
>On Tue, 3 Jun 2003, dave wrote:
>
>> It is best to "disable" the built in administrator account.
>>
>> Dave
>>
>>
>>
>> _____________________
>> Dave Kleiman
>> [EMAIL PROTECTED]
>> www.netmedic.net
>>
>>
>>
>> -----Original Message-----
>> From: David Gillett [mailto:[EMAIL PROTECTED]
>> Sent: Monday, June 02, 2003 17:38
>> To: [EMAIL PROTECTED]
>> Subject: RE: About default sharing folders in Windows
>>
>> > I strongly suggest renaming the local Administrator and Guest account
>> > to something that is not easily guessed at.  In addition, you should
>> > probably create "dummy" accounts named "Administrator" and "Guest"
>> > that have no rights/no group memberships and are disabled.  Monitor
>> > the dummy accounts closely for log in attempts.
>>
>>   Note that there's no point to this unless you *also* disable the ability
>> to enumerate accounts over a null connection.  The renamed Administrator
>> account will be trivial to spot by its ID otherwise.
>>
>> David Gillett

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Paris Stone
CISSP, CCNP, CNE, MCSE
CIW Master Administrator / Security Analyst, NSA
http://www.ciscoinstructor.net/
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"The rich man is not the one with the most, but the one who needs the least"

----------------------------------------------------------------------------
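
An added example, not part of any message in this thread: a PowerShell audit of the setup the posters describe (built-in accounts renamed and disabled, disabled decoy accounts with no group memberships, null-session enumeration restricted). It assumes the `Get-LocalUser`/`Get-LocalGroup` cmdlets of Windows PowerShell 5.1 or later, and it assumes the `RestrictAnonymous` and `RestrictAnonymousSAM` values under the Lsa key are the setting meant by "enumerate accounts over a null connection"; the `New-Finding` and `Get-Rid` helpers are hypothetical names.

```powershell
# Added example (not from the thread). Needs Windows PowerShell 5.1+; run elevated.
# Well-known RIDs: the built-in accounts keep these however they are renamed.
$builtin = @{ '500' = 'Administrator'; '501' = 'Guest' }

function Get-Rid($Sid) { $Sid.Value.Split('-')[-1] }   # last sub-authority of the SID

function New-Finding($Check, $Target, $Detail, $Ok) {
    [pscustomobject]@{ Check = $Check; Target = $Target; Detail = $Detail; OK = $Ok }
}

$users = Get-LocalUser

# 1. Locate the built-in accounts by RID, not by name.
#    OK means renamed and disabled, as the thread advises.
foreach ($u in $users) {
    $rid = Get-Rid $u.SID
    if ($builtin.ContainsKey($rid)) {
        $renamed = $u.Name -ne $builtin[$rid]
        New-Finding "Built-in RID $rid" $u.Name "renamed=$renamed enabled=$($u.Enabled)" ($renamed -and -not $u.Enabled)
    }
}

# 2. Decoys: accounts carrying a default name but not the built-in RID.
#    OK means disabled and a member of no local group.
foreach ($name in $builtin.Values) {
    $d = $users | Where-Object { $_.Name -eq $name -and -not $builtin.ContainsKey((Get-Rid $_.SID)) }
    if (-not $d) {
        New-Finding "Decoy '$name'" $name 'no decoy account with this name' $false
        continue
    }
    $groups = @(Get-LocalGroup | Where-Object {
        (Get-LocalGroupMember -Group $_ -ErrorAction SilentlyContinue).SID.Value -contains $d.SID.Value
    })
    New-Finding "Decoy '$name'" $name "enabled=$($d.Enabled) groups=$($groups.Name -join ',')" (-not $d.Enabled -and $groups.Count -eq 0)
}

# 3. Anonymous (null-session) enumeration of accounts: assumed registry values.
#    A missing value reads as 0, i.e. not restricted.
$lsa = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
foreach ($v in 'RestrictAnonymous', 'RestrictAnonymousSAM') {
    New-Finding 'Anonymous enumeration' "Lsa\$v" "value=$($lsa.$v)" (([int]$lsa.$v) -ge 1)
}
```

Pipe the output to `Format-Table -AutoSize`; any row with `OK` false is a gap relative to the configuration discussed in the thread.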