Changing the built-in "Administrator username"? How Safe Is It??

By IT Support Desk ·
Has anyone encountered any drawbacks to changing the built-in "administrator" username account to a different name? Yes, we do have additional accounts setup with administrative privileges applied and I realize we can simply add an additional username, assign it admin privileges and call it good but, we are working with a particular client that has a need for increased security and changing the administrator's username to another name is being considered. Firewall appliances made by Cisco and SonicWall have this capability to change its primary admin account to another name. Is it safe to do the same with the built-in administrator account or are their known quirks with Microsoft's Active Directory when doing so? Thank you advance.

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Answers

Collapse -


by Jacky Howe In reply to Changing the built-in "Ad ...

long as there are no services that rely on the Account. That can be a problem. Here is an interesting tip.

Collapse -

So true (but also so blue) ... sorry, couldn't resist.

by OldER Mycroft In reply to Changing the built-in "Ad ...

Intrinsically, what you are suggesting is like removing the solid rocket boosters from the Space Shuttle, replacing them with LandRover 4x4 engines (because you know within yourself, they can do the same job).

Can they?

You are actually attempting to remove the lintel above the major WINDOW - perhaps above ALL the WINDOWS!

If the building then comes crashing down do you want somewhere that you can come back to and say ~~~ BUT YOU TOLD ME I COULD DO IT!


I would ask you, WHY do you want to change the name of the Administrator?

If you are employed by a Megalomaniac, I suggest you get out now! Before the building comes crashing down!

M$ microcode is not really something to start messing with.

***Just a personal opinion, you understand ~ but 'Administrator' is something I've seen changed - but the resultant problems have never been explained!


Collapse -


I've always changed the name of the Administrator account as a security best practice. I've never had any problems result from that.

Collapse -

The name doesn't matter.

by TonytheTiger In reply to eh?

It's only a convenience to us humans. The SID for the Administrator always starts with S-1-5- and end with -500 and can thus be found by anyone who really wants to know, no matter what the "name" is.

I'd recommend simply "disable" the administrator account (after creating another user and adding it to the administrators group, of course).

Collapse -

I've read the same information re: the SID...

by IT Support Desk In reply to The name doesn't matter.

from experts-exchange. Perhaps changing the username will work afterall.
Funny thing is, I remember changing the built-in admin account on a Windows 2000 server a couple of years ago and noticed a number of services failing. I would think as "bright" as MS is, they would encourage this w/out reeking havoc on the system for OVERALL SECURITY. Afterall, wouldn't security be in their best interests as well? Nevermind. Don't answer that.

Collapse -

You could always

by TonytheTiger In reply to I've read the same inform ...

remove "Administrator" from the administrators group as well :)

Collapse -

Don't forget to make a dummy account

by jdclyde In reply to Changing the built-in "Ad ...

After you rename the admin account, create a NEW account by that name, but give it NO permissions.

Turn logging on for that account, and you will know if someone is trying to hack the system.

Collapse -

Good idea

by LiamE In reply to Don't forget to make a du ...

Good idea. I'll start doing that I think.

Collapse -

Logging/auditing was already activated

by IT Support Desk In reply to Don't forget to make a du ...

Logging/auditing was already activated.

Related Discussions

Related Forums