General discussion

Locked

DISABLING BUILT-IN ACCOUNT

By REZUMA ·
Hi all,

I jsut started working for a company that is using windows 2000 server. For security reasons my boss want me to disable the account that belongs to the guy who was doing my task before (they fired him). I try to disable that account but the system says that i cant be done because it is not posible to disable built-in accounts, does anyone know what can i do to disable the account of the admin who install the software on the server? Of course i cant delete it neither.

This conversation is currently closed to new comments.

12 total posts (Page 1 of 2)   01 | 02   Next
| Thread display: Collapse - | Expand +

All Comments

Collapse -

DISABLING BUILT-IN ACCOUNT

by ann_m In reply to DISABLING BUILT-IN ACCOUN ...

Do you have full access to the administrator account? If you do then what you need to do is insure that you are the current Admin then change the password/acount to expired this should free you to delete the user

Collapse -

DISABLING BUILT-IN ACCOUNT

by REZUMA In reply to DISABLING BUILT-IN ACCOUN ...

The question was auto-closed by TechRepublic

Collapse -

DISABLING BUILT-IN ACCOUNT

by timwalsh In reply to DISABLING BUILT-IN ACCOUN ...

If the built-in administrator account is the only one he was using, the only thing you can do is change the password.

As you discovered, you can neither disable nor delete this account. This is by design.

Make sure there are no other activeaccounts linked to him. I would also force all users to change their passwords. Chances are the former administrator knows one or more of these.

Collapse -

DISABLING BUILT-IN ACCOUNT

by REZUMA In reply to DISABLING BUILT-IN ACCOUN ...

The question was auto-closed by TechRepublic

Collapse -

DISABLING BUILT-IN ACCOUNT

by LordInfidel In reply to DISABLING BUILT-IN ACCOUN ...

Actually, AU Contraire to all of the nay sayers about disabling the True Admin account.

It "CAN" be done, because I do this routinely when securing 2K machines.

I wrote a good discussion about it in the "Go the extra step in securing the windows admin password"

http://tinyurl.com/77ot

You want to look at the section, for the Insanely Paranoid.

I will post it here again:

Collapse -

DISABLING BUILT-IN ACCOUNT

by LordInfidel In reply to DISABLING BUILT-IN ACCOUN ...

For the insanely paranoid
Now the next part is for those of you who are really paranoid.

And that is not only locking out the true admin account, but disabling it all together.

The first part of this is that you need to enable a lockout threshold. I suggest between 3-5 attempts. And your lockout duration needs to be indefinite.

Now the inherent problem with the true admin account, is that it can not be locked out. However, using a small tool called admnlock from microsoft. You canallow the true admin account to be locked out.

Now that does not automatically lock it out. It just "allows" it to be locked out.

So, you manually force it to be locked out. Assuming you have already set up your copied admin account. And youhave assigned a strong password to the true admin account.

Log off as the true admin account. Go to another machine and start to log on as the true admin account with a bad password. Keep doing it until you lock out the admin account.

We arenot done yet. Make sure you have auditing set up for failures. Just doing all of this work means nothing if you are not going to log it.

One of the best books to read on this subject is the Hacking Exposed series. Foundstone has some great advice. Plus they books written just for 2K, Linux, and Web applications. There latest being Java and J2EE.

I hope you enjoyed my little nuggets of crap.

3nj0y & h@99y H@c71ng!

Collapse -

DISABLING BUILT-IN ACCOUNT

by REZUMA In reply to DISABLING BUILT-IN ACCOUN ...

The question was auto-closed by TechRepublic

Collapse -

DISABLING BUILT-IN ACCOUNT

by timber In reply to DISABLING BUILT-IN ACCOUN ...

You can however rename the account name. I would guess that he renamed the administrator account to his userid. I would just rename it back to administrator and reset the password.

One thing to watch for with people like that hough is also lookfor backdoors. Most folks that rename the admin account to use as there own also have at least one other account that they can use just in case.

HTH!!

Collapse -

DISABLING BUILT-IN ACCOUNT

by REZUMA In reply to DISABLING BUILT-IN ACCOUN ...

The question was auto-closed by TechRepublic

Collapse -

DISABLING BUILT-IN ACCOUNT

by akindler In reply to DISABLING BUILT-IN ACCOUN ...

Like LordInfidel says, you can go ahead and lock out the account. I think this is much safer because the admin account has a well-known security ID so, regardless of how you name it, a hacker can usually find out the real name. From there, it is just a matter of password dictionary attach (with "password" as the very first try! You will not believe the amount of fools out there that keep using that as an admin password.). And that's the beauty of LordInfidel's trick. It is already locked out, so let them attack all they want!

Back to Windows Forum
12 total posts (Page 1 of 2)   01 | 02   Next

Related Discussions

Related Forums