Renaming Local Administrator Account

[Tekmazter]

Hopefully this is an easy one for all of you.

I have already renamed the built-in domain administrator account manually,
and have now decided to rename the local administrator account on all of my
desktops throughout the domain. The problem is, when I try and deploy this
via Group Policy my domain administrator account also gets slightly
modified. Basically the 'User Logon Name (Pre-Windows 2000)' field on the
domain admin account properties gets changed to the same name as what I want
for the local administrator accounts. Is this supposed to happen? As I
said, it's just this one field that gets renamed. The rest of the domain
admin account stays the same.

Thoughts?

 

[Steve Athanas]

Hi, there:

Are you applying this policy at the domain level? Because that's what it
sounds like, which is the only reason I can think that you would have
this problem. Try placing your computers in an OU, if they aren't
already in one, and then applying this policy to that OU, safely away
from your Domain Accounts.

As a good principle of GP management, you should be very timid about
putting any policies directly on the domain, based on the idea that it
will then affect all workstations, member servers, and Domain
Controllers in the entire domain, not to mention all users (such as the
built-in admin account).

HTH
__________________
Steve Athanas
MCSE:Security (2003)

 

[Tekmazter]

Thanks for the reply Steve,

This is what I suspected all along. I appreciate the confirmation of that.
So I guess some restructuring is in order.

Thanks again

 

[Steve Athanas]

You're welcome.

Take care and have fun re-organizing.
___________________
Steve Athanas
MCSE: Security (2003)