Windows 2000 user accounts

NP

Looking for some info/advice please ...

* Fresh install of Win2000 completed (Administrator account setup
automatically by Windows).
* Renamed Administrator account from "Administrator" to something else.
Someone once advised me to do this but didn't explain why.
* Created two Power User accounts for general day to day use. Both used to
connect to the internet.

Questions:

1) Why is it a good idea to rename the Administrator account?
2) Why is it not a good idea to connect to the internet using the
"Administrator" account?
3) Would it be OK to connect to the Internet using the renamed account that
has administrator rights?

Many thanks,

NP.
 
Hi,

1) Administrator account is the one that "bad" guys want to get. This is the
account that never locks out and is usually always active in Windows
environment (in Windows 2000 you can't even disable it). So now I know the
account name (administrator) all I have to do is figure out the password and
usually what will help me here is some commonly used passwords. There are
pretty good dictionaries out there that will run one word after another till
they find the password (if it is not complex enough). Since administrator
account never locks out I should be able to get this password pretty fast...
Now if you rename the account I can't perform this kind of attack since the
account does not exist. In my practice I go usually one step further and
after I rename "Administrator" account to "Joe" or "Ben" or ... I create new
account with username Administrator. This account does not hold the
administrator privileges and can be locked out. Now all I have to do is
disable the account and monitor for attempted use of this account to figure
out if someone is trying to "hack" me...

2) Administrator is a very powerful account. It has permissions to install
the software and if this is domain account it has permissions to access
other computers on the network. If I logon with administrator account (or
even any other account that has administrative or similar privileges) and
download malicious piece of software or open malicious e-mail it will first
install the malicious code on my computer then spread it all over the
network with my administrator privileges... Don't just rely on your
antivirus with this. This code can be quite simple and overlooked by
antivirus (e.g. simple vbs script that will erase part of the disks, ...)...
This is why usually users in domain will only have ordinary user permissions
on their computer. Even if they receive some malicious code they will not be
allowed to execute it.
Personally I always use ordinary user account for my day-to-day tasks
(writing e-mails, documents etc...). If I need to run the program as e.g.
domain administrator I will usually use "Run As" command to execute the
program like "Active Directory Users and Computer" or other programs that
might need administrator privileges...

3) If you check my answer under #2 you will see that rename account will not
help you out in this case. It still has administrator privileges that will
execute any even malicious code.

I hope this helps,

Mike
 
The reason behind renaming the administrator account is because it is the
top target for hackers/attackers since it is a well known name, an all
powerful account, and can not be locked out. That risk is lower on a home
type network behind a firewall for direct hack attempts. Renaming the
administrator account, while advised, is not always effective since the
built in administrator account has a well known SID which is the number the
operating system assigns to users and groups. We see the name but the
operating system uses the SID for rights and access control lists.

The reason that it is a good idea to not use the administrator account
unless you need its extra rights is because many [not all] malwares use the
rights of the logged on user to do their thing and many can not if you are
not logged on as administrator. Such malwares may be worms/trojans/viruses
that can be unleashed by opening email attachments, downloading and opening
files that contain malware, and selecting "yes" when prompted by a website
without reading the fine print to install something. Many malwares depend on
discovered operating system vulnerabilities and can harm a computer no
matter who is logged on. Blaster is such an example and it is why it is so
important to keep your computer current with critical updates from Windows
Updates which can be done automatically. Some malwares also do a short
attack on the built in administrator account which can be thwarted by using
complex passwords and renaming it. You can connect to the internet with an
account in the administrators group but it will not defend from instances of
opening infected files/attachments or answering yes when you should have
answered no. Using the recommended minimum IE security settings in the link
below can help prevent some of that along with running an antivirus program
such as Norton that can monitor the computer for malicious activity such as
scripts being run and warn you and ask you if you want to run the script or
not AND scans all your emails and downloads. The last link is the bare
minimum security steps that all users should be using. --- Steve

http://mvps.org/winhelp2002/unwanted.htm
http://www.microsoft.com/athome/security/protect/default.aspx -- Microsoft
Protect Your PC link
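
Added example, not part of either reply above: a Python sketch of the two checks the answers describe, namely finding the built-in administrator by its well-known SID suffix (RID 500) after a rename, and counting failed logons against a decoy "Administrator" account. The account list, SIDs, workstation names and the tuple layout of the log records are constructed for illustration; 529 and 531 are the Windows 2000 Security-log IDs for logon failure (bad name or password) and logon failure (account disabled).

```python
from collections import Counter

BUILTIN_ADMIN_RID = 500         # the built-in Administrator SID always ends in -500
LOGON_FAILURE_IDS = {529, 531}  # Windows 2000: 529 = bad name/password, 531 = account disabled

# Constructed account list (name, SID); the machine identifier part is made up.
ACCOUNTS = [
    ("Joe", "S-1-5-21-1111111111-2222222222-3333333333-500"),
    ("Administrator", "S-1-5-21-1111111111-2222222222-3333333333-1004"),
    ("NP-daily", "S-1-5-21-1111111111-2222222222-3333333333-1005"),
]

# Constructed Security-log records: (event_id, target_account, source_workstation).
EVENTS = [
    (529, "Administrator", "WKSTN-07"),
    (529, "Administrator", "WKSTN-07"),
    (531, "administrator", "WKSTN-07"),
    (529, "NP-daily", "LAPTOP-2"),   # ordinary typo on a real account, not a decoy hit
    (528, "Joe", "CONSOLE"),         # 528 = successful logon, ignored
    (531, "Administrator", "LAPTOP-2"),
]

def rid(sid):
    """Relative identifier: the last dash-separated field of a SID."""
    return int(sid.rsplit("-", 1)[1])

def builtin_admin_name(accounts):
    """Current name of the built-in administrator, whatever it was renamed to."""
    for name, sid in accounts:
        if sid.startswith("S-1-5-21-") and rid(sid) == BUILTIN_ADMIN_RID:
            return name
    return None

def decoy_names(accounts):
    """Accounts called 'Administrator' that do not carry RID 500 are decoys."""
    return {n.lower() for n, sid in accounts
            if n.lower() == "administrator" and rid(sid) != BUILTIN_ADMIN_RID}

def decoy_alerts(events, accounts):
    """Count failed logons against a decoy account, grouped by source workstation."""
    decoys = decoy_names(accounts)
    hits = Counter()
    for event_id, target, source in events:
        if event_id in LOGON_FAILURE_IDS and target.lower() in decoys:
            hits[source] += 1
    return dict(hits)

if __name__ == "__main__":
    print("built-in admin is now named:", builtin_admin_name(ACCOUNTS))
    print("decoy logon failures by source:", decoy_alerts(EVENTS, ACCOUNTS))
```

Any non-zero count from `decoy_alerts` is worth a look, since no legitimate user has a reason to log on as the decoy.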
 