renaming the local administrator account

[Doug Fox]

A security auditor recommended us to rename the local administrator account
to something else. We understand that it is a good thing to do.

However, there may be some services/applications using this account running
behind the scene which we may have forgotten.

Please advise if there are tools which can help dig out these
services/applications!

It is nice to do, but is it a practical thing? What should we watch out
when implement this change?

Any comments/suggestions/input are welcome.

Thanks,

 

[Roger Abell [MVP]]

You do not mention the OS version, but with the more recent
it can be a very practical thing to do.
Have you run services.msc and looked at the listed accounts
in the Log On As column ? You likely will not find much that
starts as Administrator except third-party things.
Next, run taskmgr.exe, and use the View / Select Columns
tab to make sure that the User Name is being displayed, then
click on the User Name column header to sort on that, and
look to see if anything is running as Administrator.
Well, that pretty much covers the always running things, so
you then only need to check scheduled tasks and any custom
crafted things that fire up in other way.