Announcement

Collapse
No announcement yet.

How to? Remove Admin's Name from Being Revealed Under 'Run As'

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • How to? Remove Admin's Name from Being Revealed Under 'Run As'

    For increased security I have changed the name of the administrator.
    However, I just realized that is not effective because whenever I log on as a restricted user and I need to do something small, like install programs, I right-click + SHIFT 'Add/Remove' programs and select 'Run As'. I select the radio button "THe following user" which tells me the new name of the administrator.

    This defeats the purpose of changing the administrator name.

    Is there an options to prevent this?

    I still want to be able to 'Run as' programs, but I also don't want the new administrator name to show up.
    I guess the optimal solution would be to remove the drop down list showing the administrator name and have both user name and password clear - so both would have to be known.

    Anyone know how to do this?

    OS: Server 2003 R2 SP2

    thanks for the help everyone.

  • #2
    Re: How to? Remove Admin's Name from Being Revealed Under 'Run As'

    Even if there was it's pointless.

    Every authenticated user has read access to all local and domain accounts. They can easily gather the user names.

    The point of renaming admin accounts is so un-authenticated don't guess common usernames.

    Comment


    • #3
      Re: How to? Remove Admin's Name from Being Revealed Under 'Run As'

      Meekrobe,
      I think you might be right.
      Searched all over the internet and came up with nothing.

      So, I think there is not such option.

      End of Thread.

      Comment


      • #4
        Re: How to? Remove Admin's Name from Being Revealed Under 'Run As'

        many thanks for this discusion , also i need to know how to do this?

        Comment


        • #5
          Re: How to? Remove Admin's Name from Being Revealed Under 'Run As'

          Changing the name of the local administrator is not for security per se. Based on my time at HP where we lived w/ viruses behind the firewall, the real point here is to prevent blind attacks by virus laden machines on "Administrator", nothing more.

          So renaming Administrator still has value.

          On the RunAs front, just thought I'd bring up CPAU:

          http://www.joeware.net/

          Similar to SANUR except you can encrypt the password.
          Cheers,

          Rick

          ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

          2006-2099 R Valstar. This post is offered "as is" for discussion purposes only with no express or implied warranty of any kind including, but not limited to, correctness or fitness for use. Nothing herein shall be construed as advice. Attempting any activity based on information in this post is done at your own risk.

          Comment


          • #6
            Re: How to? Remove Admin's Name from Being Revealed Under 'Run As'

            And even then if you have strong passwords and change it on regular base it still has no use. I'm sorry to say but if you are a smart virus builder you always can find the unique number of the administrator.

            I suggest to hire a security specialist to make a baseline scan and pentesting.
            It has no use to change a lot of thing without start looking at the base of the security enviroment.
            Yes it will cost you, but I'm sure you get a way better and more secure enviroment.

            Just a few hints what I think it's way more important to look at (just in any order)...

            How and how often do you deploy patches?
            How is you're firewall functioning?
            Which permissions has you're users?
            Ho do you manage your AV environment?
            Are all servers and firewalls up-to-date?
            Do you have unnecessary rules in your firewall?
            What procedure do you use to change the passwords of all admin accounts, including service accounts and local admins accounts?
            How have you secured your physical network?
            Who has access to your servers?
            Do you have a Logbook for who is visiting your serverroom?
            How do the admins login on their own workstations?
            How do admins login on workstations of the users?
            How do admins manage the servers remotely?
            Have you enabled auditing?
            Which tooling do you use to monitor the servers?
            Do you have an IPS/IDS sysem?

            This is way more important then what runas has cached an admin userID.
            This is just to get you thinking the other way then renaming accounts or clearing a cache of Run as...

            @Rvalstar,
            That's a nice tool for scripting
            However I thing he ment the gui.. You know, Shift + right click --> run as...
            Marcel
            Technical Consultant
            Netherlands
            http://www.phetios.com
            http://blog.nessus.nl

            MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
            "No matter how secure, there is always the human factor."

            "Enjoy life today, tomorrow may never come."
            "If you're going through hell, keep going. ~Winston Churchill"

            Comment


            • #7
              Re: How to? Remove Admin's Name from Being Revealed Under 'Run As'

              Originally posted by Dumber View Post
              @Rvalstar,
              That's a nice tool for scripting
              However I thing he ment the gui.. You know, Shift + right click --> run as...
              Understood. I just like the tool and I figured if the OP wasn't scripting yet, it was worth bringing it up as scripting is inevitable.
              Cheers,

              Rick

              ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

              2006-2099 R Valstar. This post is offered "as is" for discussion purposes only with no express or implied warranty of any kind including, but not limited to, correctness or fitness for use. Nothing herein shall be construed as advice. Attempting any activity based on information in this post is done at your own risk.

              Comment

              Working...
              X