General discussion

  • Creator
    Topic
  • #2313770

    DISABLING BUILT-IN ACCOUNT

    Locked

    by rezuma ·

    Hi all,

    I jsut started working for a company that is using windows 2000 server. For security reasons my boss want me to disable the account that belongs to the guy who was doing my task before (they fired him). I try to disable that account but the system says that i cant be done because it is not posible to disable built-in accounts, does anyone know what can i do to disable the account of the admin who install the software on the server? Of course i cant delete it neither.

All Comments

  • Author
    Replies
    • #3395709

      DISABLING BUILT-IN ACCOUNT

      by ann_m ·

      In reply to DISABLING BUILT-IN ACCOUNT

      Do you have full access to the administrator account? If you do then what you need to do is insure that you are the current Admin then change the password/acount to expired this should free you to delete the user

    • #3395708

      DISABLING BUILT-IN ACCOUNT

      by timwalsh ·

      In reply to DISABLING BUILT-IN ACCOUNT

      If the built-in administrator account is the only one he was using, the only thing you can do is change the password.

      As you discovered, you can neither disable nor delete this account. This is by design.

      Make sure there are no other activeaccounts linked to him. I would also force all users to change their passwords. Chances are the former administrator knows one or more of these.

    • #3395642

      DISABLING BUILT-IN ACCOUNT

      by lordinfidel ·

      In reply to DISABLING BUILT-IN ACCOUNT

      Actually, AU Contraire to all of the nay sayers about disabling the True Admin account.

      It “CAN” be done, because I do this routinely when securing 2K machines.

      I wrote a good discussion about it in the “Go the extra step in securing the windows admin password”

      http://tinyurl.com/77ot

      You want to look at the section, for the Insanely Paranoid.

      I will post it here again:

      • #3395640

        DISABLING BUILT-IN ACCOUNT

        by lordinfidel ·

        In reply to DISABLING BUILT-IN ACCOUNT

        For the insanely paranoid
        Now the next part is for those of you who are really paranoid.

        And that is not only locking out the true admin account, but disabling it all together.

        The first part of this is that you need to enable a lockout threshold. I suggest between 3-5 attempts. And your lockout duration needs to be indefinite.

        Now the inherent problem with the true admin account, is that it can not be locked out. However, using a small tool called admnlock from microsoft. You canallow the true admin account to be locked out.

        Now that does not automatically lock it out. It just “allows” it to be locked out.

        So, you manually force it to be locked out. Assuming you have already set up your copied admin account. And youhave assigned a strong password to the true admin account.

        Log off as the true admin account. Go to another machine and start to log on as the true admin account with a bad password. Keep doing it until you lock out the admin account.

        We arenot done yet. Make sure you have auditing set up for failures. Just doing all of this work means nothing if you are not going to log it.

        One of the best books to read on this subject is the Hacking Exposed series. Foundstone has some great advice. Plus they books written just for 2K, Linux, and Web applications. There latest being Java and J2EE.

        I hope you enjoyed my little nuggets of crap.

        3nj0y & h@99y H@c71ng!

      • #3519021

        DISABLING BUILT-IN ACCOUNT

        by rezuma ·

        In reply to DISABLING BUILT-IN ACCOUNT

        The question was auto-closed by TechRepublic

    • #3395985

      DISABLING BUILT-IN ACCOUNT

      by timber ·

      In reply to DISABLING BUILT-IN ACCOUNT

      You can however rename the account name. I would guess that he renamed the administrator account to his userid. I would just rename it back to administrator and reset the password.

      One thing to watch for with people like that hough is also lookfor backdoors. Most folks that rename the admin account to use as there own also have at least one other account that they can use just in case.

      HTH!!

    • #3358824

      DISABLING BUILT-IN ACCOUNT

      by akindler ·

      In reply to DISABLING BUILT-IN ACCOUNT

      Like LordInfidel says, you can go ahead and lock out the account. I think this is much safer because the admin account has a well-known security ID so, regardless of how you name it, a hacker can usually find out the real name. From there, it is just a matter of password dictionary attach (with “password” as the very first try! You will not believe the amount of fools out there that keep using that as an admin password.). And that’s the beauty of LordInfidel’s trick. It is already locked out, so let them attack all they want!

    • #3519018

      DISABLING BUILT-IN ACCOUNT

      by rezuma ·

      In reply to DISABLING BUILT-IN ACCOUNT

      This question was auto closed due to inactivity

Viewing 5 reply threads