Changing the default Administrator account name as a security measure

One common security practice to prevent hacking attempts on Windows is to rename the Administrator account. To heighten security, the account can be renamed with the same stringencies as a password—i.e., a random combination of letters and numbers. Many common hack attempts operate from the assumption that the Administrator account still has the same name as it did on startup.

The Windows Recovery Console should still work correctly even if the Administrator account has been renamed. It will not work, however, if the default Administrator account has been disabled, which cannot be done through the conventional user-administration tools but can be done manually with third-party programs. Some zealous folks take the idea a little too far, and not only disable the default Administrator account but create a "dummy" Administrator account that's also disabled and has no privileges. This is a mistake, since disabling the account renders the Recovery Console useless.

Another problem with renaming the Administrator account is that some programs that require Administrator access will look for the account by its name and not by its SID. (The SID for the Administrator account always begins with 500-, so it is easily identifiable by anyone looking for it by examining account GUIDs.) It's not always easy to tell which programs work like this in advance, and it is entirely possible that you may never

Requires Free Membership to View

know until it's too late.

For these reasons, renaming the Administrator account as a security measure isn't always the best line of defense. Strong password protection, limiting physical and network access to the console, and many other common-sense procedures will work just as well, if not better.

Serdar Yegulalp is the editor of the Windows 2000 Power Users Newsletter. Check out his indows 2000 blog for his latest advice and musings on the world of Windows network administrators – please share your thoughts as well!

This was first published in August 2004

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.