J
J Wibbly
Why would I create a bogus administrator account with no
privledges?
What is the official recomendation on doing this?
-
JW
privledges?
What is the official recomendation on doing this?
-
JW
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.
You should upgrade or use an alternative browser.
K
Keith W. McCammon
Why would I create a bogus administrator account with no
Because your domain admin account has a crappy password? Or any number of
other reasons. Just obscurity, really.
Not sure, but I'm certain that most folks will tell you that securing the
account is more useful than moving it around.
privledges?
Because your domain admin account has a crappy password? Or any number of
other reasons. Just obscurity, really.
What is the official recomendation on doing this?
Not sure, but I'm certain that most folks will tell you that securing the
account is more useful than moving it around.
S
Steven L Umbach
To protect the actual administrator account and let them hack away at a useless
account. Some will say it does not matter because there are ways to find the true
administrator account. That is not always the case such as when you have port 3389
open for Terminal Services. --- Steve
account. Some will say it does not matter because there are ways to find the true
administrator account. That is not always the case such as when you have port 3389
open for Terminal Services. --- Steve
I
IBTerry [MSFT]
That is a good thing to do, but if someone has the proper tools they will
be able to see that the account is not the built in administrator account.
Even if the Administrator account is renamed it still retains its well
known SID.
- SID: S-1-5-<domain>-500 Name: Administrator Description: A user
account for the system administrator. By default, it is the only user
account that is given full control over the system.
From 243330 Well Known Security Identifiers in Windows 2000
http://support.microsoft.com/?id=243330
Restrict anonymous settings are one way to possibly mitigate this type of
attack.
IBTerry [MSFT]
This posting is provided "AS IS" with no warranties, and confers no rights.
be able to see that the account is not the built in administrator account.
Even if the Administrator account is renamed it still retains its well
known SID.
- SID: S-1-5-<domain>-500 Name: Administrator Description: A user
account for the system administrator. By default, it is the only user
account that is given full control over the system.
From 243330 Well Known Security Identifiers in Windows 2000
http://support.microsoft.com/?id=243330
Restrict anonymous settings are one way to possibly mitigate this type of
attack.
IBTerry [MSFT]
This posting is provided "AS IS" with no warranties, and confers no rights.