How can determine which name in the local admins list is the built-in local admin account on a workstation if all other admin accounts are copies of the original account and have identical descriptions? Deleting all others until error message about not deleting built-in accounts is not acceptable. It can be from the command line or GUI.
Additionally, I may need to rename this account from the command line, as I have found a collage of diverse local admin accounts across the workstations on a domain. I want to script a NAME CHANGE routine for only the built in local admin account on these NT 4.0 workstations, so all local admin accounts can be uniform.
Addusers.exe only deletes or adds accounts, does NOT rename, so please don't suggest it.
Let's see who's really good!
This conversation is currently closed to new comments.
* In "User Manager for Domains" go into "User Properties" * Put a check in "Account Disabled" then click "OK" * If NT lets you disable the account, then it is not the true Admin Account. * If you get the error message:
USER MANAGER FOR DOMAINS The following error occurred changing the properties of the user xxxxxxx: Cannot perform this operation on built-in accounts. OK
Let's see who's really good... at asking questions that have already been answered? And offering ridiculous amounts of points for same? Get off, stop clogging things up, some people here are actually trying to better themselves, not show off. OK, you've figured out how to get lots of points. Well done - now go away...
Ok, I'll clog up everyone else's rating with 2000 points each even though none came up with an acceptable solution, but at least they cordially tried, and I won't bother clogging up your points you supercilious churl.
Each account has a SID (Security Identifyier) the last three numbers are called the RID (Relative Identifier)
The original administrator's account has a RID of 500. So logon as the account you suspect, fire up REGEDIT (Run Regedit) check out theHKey Users, expand to reveal the last three number if they are 500 then you have cracked it.
You may also be able to solve the problem by changing the permission on the SAM in the registry so that Administrators have full control, drill down andsee if you can match a name with a RID of 500. Remember to reset the permissions afterwards!
I figured out how to accomplish this task remotely in a batch format and you are on the right track. BTW - It is easier to give yourself system rights than to change and reset the reg. Excellent suggestion just the same!
Check the permissions on C:\WINNT\Profiles\Administrator. The original Administrator owns this folder and should be listed as the first user with access to the directory. The name of the directory stays the same no matter what you call the Administrator account but the name of the administrator associated with the folder will change when it is edited in user manager. I’m not aware of any way to rename an account with a script.
I have over 5000 workstations that need their local accounts realigned (Prev admin was, well, ya know). So I have been working on a problem similar to yours for a while as well.
I believe I have figured out this problem, so I can script a domain wide local admin rename. I already have a password change script I wrote, that I can modifiy to include this item. Feel free to contact me if you want to use any of my domain scripts. dastew@kodak.com
If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.
Admin account
accounts are copies of the original account and have identical
descriptions? Deleting all others until error message about not
deleting built-in accounts is not acceptable. It can be from the
command line or GUI.
Additionally, I may need to rename this account from the
command line, as I have found a collage of diverse local admin
accounts across the workstations on a domain. I want to script a
NAME CHANGE routine for only the built in local admin account
on these NT 4.0 workstations, so all local admin accounts can
be uniform.
Addusers.exe only deletes or adds accounts, does NOT
rename, so please don't suggest it.
Let's see who's really good!