Windows

Are you gonna have enough points for all this questions?
Just curious...

* In "User Manager for Domains" go into
"User Properties"
* Put a check in
"Account Disabled" then click "OK"
* If NT lets you disable the account, then it is not the true Admin Account.
* If you get the error message:

USER MANAGER FOR DOMAINS
The following error occurred changing the properties of the user xxxxxxx:
Cannot perform this operation on built-in accounts.
OK

then you've found it. Click "OK"

Good luck,
Lanpinger

Let's see who's really good... at asking questions that have already been answered? And offering ridiculous amounts of points for same? Get off, stop clogging things up, some people here are actually trying to better themselves, not show off. OK, you've figured out how to get lots of points. Well done - now go away...

Each account has a SID (Security Identifyier) the last three numbers are called the RID (Relative Identifier)

The original administrator's account has a RID of 500. So logon as the account you suspect, fire up REGEDIT (Run Regedit) check out theHKey Users, expand to reveal the last three number if they are 500 then you have cracked it.

You may also be able to solve the problem by changing the permission on the SAM in the registry so that Administrators have full control, drill down andsee if you can match a name with a RID of 500. Remember to reset the permissions afterwards!

Check the permissions on C:\WINNT\Profiles\Administrator. The original Administrator owns this folder and should be listed as the first user with access to the directory. The name of the directory stays the same no matter what you call the Administrator account but the name of the administrator associated with the folder will change when it is edited in user manager. I’m not aware of any way to rename an account with a script.

I have over 5000 workstations that need their local accounts realigned (Prev admin was, well, ya know). So I have been working on a problem similar to yours for a while as well.