General discussion

Locked

NT Best Practices

By texasjarhead ·
I am in the process of implementing NT Best Practices for my network. One of the thigs that is suggested is to make the built in Administrator account a dummy account and disable the account with a registry change after you have cloned the account and renamed it. My question is Where in the Registry do make this change?

This conversation is currently closed to new comments.

10 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

NT Best Practices

by McKayTech In reply to NT Best Practices

I know this doesn't directly answer your question but I'm very, very nervous about "Best Practices" that advocate registry hacks without specifying exactly how to do it and attaching a clear statement of the risks.

The question I usually ask myself when reviewing such a recommendation is "Is the cure worse than the disease?"

Regards!

paul

Paul M. Wright, Jr.
McKay Technologies

Collapse -

NT Best Practices

by texasjarhead In reply to NT Best Practices
Collapse -

NT Best Practices

by Koan Me In reply to NT Best Practices

Use the passprop.exe utility (provided with the NT Server Resource Kit) to secure administrator accounts. This utility will lock out the administrator accounts over the network after repeated logon attempts have failed. You’ll still be able tolog onto your administrator account from the domain controller. Since the administrator account is a default account and can’t be removed, rename it by selecting it in User Manager for Domains and choosing Rename from the User menu. This account should be demotted because its default name is well known among hackers. By not changing it, you’ve left the name of an administrative-level account wide open to hackers.

Collapse -

NT Best Practices

by texasjarhead In reply to NT Best Practices
Collapse -

NT Best Practices

by simon.wellborne In reply to NT Best Practices

If you rename the native Administrator account (using Usermgr) you can then create another account called Administrator. This new administrator account can then be disabled, by using the "Account disabled" feature in Usrmgr.

You can also add this new administrator user to the guest account, just in case someone enables the account again.

Security by obscurity. This method will only confuse a "hacker" of limited intelligence, but Sys Admins must do what they can to protect their systems and this is but one method.

Good luck.

Collapse -

NT Best Practices

by texasjarhead In reply to NT Best Practices
Collapse -

NT Best Practices

by Phinaddict In reply to NT Best Practices

If you just rename your Administrator account to something that is not obvious and use a strong password (alpha-numeric with numbers and special characters) you will be fine. This avoids having to do the registry hack and will give you added security.

Collapse -

NT Best Practices

by texasjarhead In reply to NT Best Practices
Collapse -

NT Best Practices

by ustutz In reply to NT Best Practices

Rename the builtin Administrator Account (be careful to remember that name). Afterwards create a new account named "Administrator". Go into User Rights under User Manager, Policies, and just take away any of the rights you feel to be dangerous. It doesn't really matter if the that dummy acount is still functional. On the other hand, to valuable as a decoy, it should retain enough functionality to keep a potential hacker entertained for at least a little while.

Final Caution: Before monkeying with the builtin administrator account, add a few (trusted) people to the Domain Admins group (and the Administrators Group if you are really paranoid). That way you can always undo your changes. Also, final precaution, create an Emergency Repair Disk (without updating). That will allow you to return to the status quo at the time you installed the box. Shy away from registry changes unless a) you really understand them, or b) have an up-to-date resume. :-) Hooyaah!

Collapse -

NT Best Practices

by texasjarhead In reply to NT Best Practices
Back to Windows Forum
10 total posts (Page 1 of 1)  

Related Discussions

Related Forums