General discussion
-
CreatorTopic
-
March 10, 2003 at 12:28 am #2313770
DISABLING BUILT-IN ACCOUNT
Lockedby rezuma · about 21 years ago
Hi all,
I jsut started working for a company that is using windows 2000 server. For security reasons my boss want me to disable the account that belongs to the guy who was doing my task before (they fired him). I try to disable that account but the system says that i cant be done because it is not posible to disable built-in accounts, does anyone know what can i do to disable the account of the admin who install the software on the server? Of course i cant delete it neither.
Topic is locked -
CreatorTopic
All Comments
-
AuthorReplies
-
-
March 10, 2003 at 3:14 am #3395709
DISABLING BUILT-IN ACCOUNT
by ann_m · about 21 years ago
In reply to DISABLING BUILT-IN ACCOUNT
Do you have full access to the administrator account? If you do then what you need to do is insure that you are the current Admin then change the password/acount to expired this should free you to delete the user
-
June 8, 2003 at 4:01 pm #3519019
DISABLING BUILT-IN ACCOUNT
by rezuma · about 20 years, 9 months ago
In reply to DISABLING BUILT-IN ACCOUNT
The question was auto-closed by TechRepublic
-
-
March 10, 2003 at 3:14 am #3395708
DISABLING BUILT-IN ACCOUNT
by timwalsh · about 21 years ago
In reply to DISABLING BUILT-IN ACCOUNT
If the built-in administrator account is the only one he was using, the only thing you can do is change the password.
As you discovered, you can neither disable nor delete this account. This is by design.
Make sure there are no other activeaccounts linked to him. I would also force all users to change their passwords. Chances are the former administrator knows one or more of these.
-
June 8, 2003 at 4:01 pm #3519020
DISABLING BUILT-IN ACCOUNT
by rezuma · about 20 years, 9 months ago
In reply to DISABLING BUILT-IN ACCOUNT
The question was auto-closed by TechRepublic
-
-
March 10, 2003 at 4:24 am #3395642
DISABLING BUILT-IN ACCOUNT
by lordinfidel · about 21 years ago
In reply to DISABLING BUILT-IN ACCOUNT
Actually, AU Contraire to all of the nay sayers about disabling the True Admin account.
It “CAN” be done, because I do this routinely when securing 2K machines.
I wrote a good discussion about it in the “Go the extra step in securing the windows admin password”
You want to look at the section, for the Insanely Paranoid.
I will post it here again:
-
March 10, 2003 at 4:24 am #3395640
DISABLING BUILT-IN ACCOUNT
by lordinfidel · about 21 years ago
In reply to DISABLING BUILT-IN ACCOUNT
For the insanely paranoid
Now the next part is for those of you who are really paranoid.And that is not only locking out the true admin account, but disabling it all together.
The first part of this is that you need to enable a lockout threshold. I suggest between 3-5 attempts. And your lockout duration needs to be indefinite.
Now the inherent problem with the true admin account, is that it can not be locked out. However, using a small tool called admnlock from microsoft. You canallow the true admin account to be locked out.
Now that does not automatically lock it out. It just “allows” it to be locked out.
So, you manually force it to be locked out. Assuming you have already set up your copied admin account. And youhave assigned a strong password to the true admin account.
Log off as the true admin account. Go to another machine and start to log on as the true admin account with a bad password. Keep doing it until you lock out the admin account.
We arenot done yet. Make sure you have auditing set up for failures. Just doing all of this work means nothing if you are not going to log it.
One of the best books to read on this subject is the Hacking Exposed series. Foundstone has some great advice. Plus they books written just for 2K, Linux, and Web applications. There latest being Java and J2EE.
I hope you enjoyed my little nuggets of crap.
3nj0y & h@99y H@c71ng!
-
June 8, 2003 at 4:01 pm #3519021
DISABLING BUILT-IN ACCOUNT
by rezuma · about 20 years, 9 months ago
In reply to DISABLING BUILT-IN ACCOUNT
The question was auto-closed by TechRepublic
-
-
March 10, 2003 at 10:58 pm #3395985
DISABLING BUILT-IN ACCOUNT
by timber · about 21 years ago
In reply to DISABLING BUILT-IN ACCOUNT
You can however rename the account name. I would guess that he renamed the administrator account to his userid. I would just rename it back to administrator and reset the password.
One thing to watch for with people like that hough is also lookfor backdoors. Most folks that rename the admin account to use as there own also have at least one other account that they can use just in case.
HTH!!
-
June 8, 2003 at 4:01 pm #3519022
DISABLING BUILT-IN ACCOUNT
by rezuma · about 20 years, 9 months ago
In reply to DISABLING BUILT-IN ACCOUNT
The question was auto-closed by TechRepublic
-
-
May 13, 2003 at 1:21 pm #3358824
DISABLING BUILT-IN ACCOUNT
by akindler · about 20 years, 10 months ago
In reply to DISABLING BUILT-IN ACCOUNT
Like LordInfidel says, you can go ahead and lock out the account. I think this is much safer because the admin account has a well-known security ID so, regardless of how you name it, a hacker can usually find out the real name. From there, it is just a matter of password dictionary attach (with “password” as the very first try! You will not believe the amount of fools out there that keep using that as an admin password.). And that’s the beauty of LordInfidel’s trick. It is already locked out, so let them attack all they want!
-
June 8, 2003 at 4:01 pm #3519023
DISABLING BUILT-IN ACCOUNT
by rezuma · about 20 years, 9 months ago
In reply to DISABLING BUILT-IN ACCOUNT
The question was auto-closed by TechRepublic
-
-
June 8, 2003 at 4:01 pm #3519018
DISABLING BUILT-IN ACCOUNT
by rezuma · about 20 years, 9 months ago
In reply to DISABLING BUILT-IN ACCOUNT
This question was auto closed due to inactivity
-
-
AuthorReplies