Announcement

Collapse
No announcement yet.

Recommended method for administrator account rename

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Recommended method for administrator account rename

    Hi I wonder if i could ask for some advice,

    I have recently had to rebuild our system after a major crash and ultimately ended up with a fresh reload and reconfig of domain and users etc.

    When arrived here the admin user had been renamed and i would like to re-implement this but never actually looked into how the previous sysadmin had set it up.

    From looking up the query there seems to be an equal amount of users saying use the GPO rename administrator account on the default domain controller policy and others saying just rename it from ADU&C.

    Just wondering who is right? i can do either but if the simple rename in ADU&C will cause problems then i'll avoid otherwise it seems the easier option.

    The Admin account in question is the main server/domain administrator account on the domain controller, not for local workstation/member server admin.

    Thanks

    Ben
    Ben Gillam MCP/MCSA 2003 - IT Manager (IGC Group)

  • #2
    Re: Recommended method for administrator account rename

    Will need to check, but I think the GPO is used to rename the local administrator account on non-DCs (it seems overkill for the Domain Admin account)

    But I would say there is no "correct" way, only a correct result!
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **

    Comment


    • #3
      Re: Recommended method for administrator account rename

      Thanks , that was my understanding until today anyway, but reading various forums seemed to sway my understanding all over lol

      But I would say there is no "correct" way, only a correct result!
      :thumbsup:
      Ben Gillam MCP/MCSA 2003 - IT Manager (IGC Group)

      Comment


      • #4
        Re: Recommended method for administrator account rename

        When considering to rename the domain administrator account, renaming it via ADUC will not negatively impact the domain. Keep in mind from AD's prespective, what makes this account be the built-in Administrators is not the user name, but the SID '-500'.

        Now, if you have a custom application, script, or something to that effect that is looking for this account, by name, and not by SID, then of course that would impact that particular app.

        Using a GPO to rename the Admin account is generally used to rename the local admin accounts on your domain members. You probably want to rename your domain built-in admin account to something else.

        Just as a note, renaming these administrator accounts to something else may prevent 'newbie' malicious behavior. Anyone that really wants to exploit these accounts would be looking for the account with the admin SID, not the userID.
        JM @ IT Training & Consulting
        http://www.itgeared.com

        Comment


        • #5
          Re: Recommended method for administrator account rename

          Working on the assumption Microsoft know what they are doing I usually follow the clean SBS install route of creating a new account by copying the administrator account, and then disable the original. SBS 2008 and higher doesn't let you use "administrator" when you do a clean install, the account exists but is disabled by default.
          BSc, MCSA: Server 2008, MCSE, MCSA: Messaging, MCTS
          sigpic
          Cruachan's Blog

          Comment


          • #6
            Re: Recommended method for administrator account rename

            thanks for the advice everyone, much appreciated!
            Ben Gillam MCP/MCSA 2003 - IT Manager (IGC Group)

            Comment

            Working...
            X