One common security practice to prevent hacking attempts on Windows is to rename the Administrator account. To heighten security, the account can be given a name chosen with the same stringency as a password, i.e., a random combination of letters and numbers. Many common hack attempts operate from the assumption that the Administrator account still has the same name as it did on startup.
The Windows Recovery Console should still work correctly even if the Administrator account has been renamed. It will not work, however, if the default Administrator account has been disabled, which cannot be done through the conventional user-administration tools but can be done manually with third-party programs. Some zealous folks take the idea a little too far, and not only disable the default Administrator account but create a "dummy" Administrator account that's also disabled and has no privileges. This is a mistake, since disabling the account renders the Recovery Console useless.
Another problem with renaming the Administrator account is that some programs that require Administrator access will look for the account by its name and not by its SID. (The SID for the Administrator account always begins with 500-, so it is easily identifiable by anyone looking for it by examining account GUIDs.) It's not always easy to tell which programs work like this in advance, and it is entirely possible that you may never
For these reasons, renaming the Administrator account as a security measure isn't always the best line of defense. Strong password protection, limiting physical and network access to the console, and many other common-sense procedures will work just as well, if not better.
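The following audit script is an added example, not code from the original tip. It resolves the built-in Administrator by SID rather than by name, then reports whether the account is renamed or disabled and whether a separate account carries the default name. It assumes a Windows version with PowerShell 5.1 or later (for the `Get-LocalUser` cmdlet) and an English default account name; the function names are hypothetical.

```powershell
# Added example: find the built-in Administrator by SID, never by name.
# Assumes the Microsoft.PowerShell.LocalAccounts module (PowerShell 5.1+).

function Get-BuiltinAdministrator {
    # The local built-in Administrator has a SID of the form
    # S-1-5-21-<machine identifier>-500. The relative identifier 500
    # stays the same when the account is renamed.
    Get-LocalUser | Where-Object { $_.SID.Value -match '^S-1-5-21-(\d+-){3}500$' }
}

function Test-BuiltinAdministrator {
    $admin = Get-BuiltinAdministrator
    if (-not $admin) { throw 'No local account with RID 500 was found.' }

    # An account that uses the default name but is not the RID-500 account
    # (the "dummy" Administrator pattern). 'Administrator' is the English
    # default name and is an assumption; localized systems use another name.
    $decoy = Get-LocalUser -Name 'Administrator' -ErrorAction SilentlyContinue |
        Where-Object { $_.SID.Value -ne $admin.SID.Value }

    [pscustomobject]@{
        CurrentName     = $admin.Name
        SID             = $admin.SID.Value
        # What a script should do instead of hard-coding the name:
        # translate the SID to whatever the account is called today.
        ResolvedAccount = $admin.SID.Translate([System.Security.Principal.NTAccount]).Value
        Renamed         = $admin.Name -ne 'Administrator'
        # A disabled built-in account is the condition the tip warns about.
        Enabled         = $admin.Enabled
        PasswordLastSet = $admin.PasswordLastSet
        DecoyPresent    = [bool]$decoy
    }
}

Test-BuiltinAdministrator | Format-List
```

Scripts and installers that need the account can call the SID translation shown in `ResolvedAccount` instead of hard-coding the name, which keeps them working after a rename.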
Serdar Yegulalp is the editor of the Windows 2000 Power Users Newsletter. Check out his Windows 2000 blog for his latest advice and musings on the world of Windows network administrators – please share your thoughts as well!
This was first published in August 2004