General discussion

  • #2080685

    NT Best Practices

    by texasjarhead ·

    I am in the process of implementing NT Best Practices for my network. One of the things that is suggested is to make the built-in Administrator account a dummy account and disable the account with a registry change after you have cloned the account and renamed it. My question is: where in the Registry do I make this change?

All Comments

    • #3893290

      NT Best Practices

      by mckaytech ·

      In reply to NT Best Practices

      I know this doesn’t directly answer your question but I’m very, very nervous about “Best Practices” that advocate registry hacks without specifying exactly how to do it and attaching a clear statement of the risks.

      The question I usually ask myself when reviewing such a recommendation is “Is the cure worse than the disease?”

      Regards!

      paul

      Paul M. Wright, Jr.
      McKay Technologies

    • #3893280

      NT Best Practices

      by koan me ·

      In reply to NT Best Practices

      Use the passprop.exe utility (provided with the NT Server Resource Kit) to secure administrator accounts. This utility will lock out the administrator accounts over the network after repeated logon attempts have failed. You’ll still be able to log onto your administrator account from the domain controller. Since the administrator account is a default account and can’t be removed, rename it by selecting it in User Manager for Domains and choosing Rename from the User menu. This account should be demoted because its default name is well known among hackers. By not changing it, you’ve left the name of an administrative-level account wide open to hackers.

    • #3893274

      NT Best Practices

      by simon.wellborne ·

      In reply to NT Best Practices

      If you rename the native Administrator account (using Usrmgr) you can then create another account called Administrator. This new administrator account can then be disabled, by using the “Account disabled” feature in Usrmgr.

      You can also add this new administrator user to the guest account, just in case someone enables the account again.

      Security by obscurity. This method will only confuse a “hacker” of limited intelligence, but Sys Admins must do what they can to protect their systems and this is but one method.

      Good luck.

    • #3893229

      NT Best Practices

      by phinaddict ·

      In reply to NT Best Practices

      If you just rename your Administrator account to something that is not obvious and use a strong password (alpha-numeric with numbers and special characters) you will be fine. This avoids having to do the registry hack and will give you added security.

    • #3895240

      NT Best Practices

      by ustutz ·

      In reply to NT Best Practices

      Rename the builtin Administrator Account (be careful to remember that name). Afterwards create a new account named “Administrator”. Go into User Rights under User Manager, Policies, and just take away any of the rights you feel to be dangerous. It doesn’t really matter if that dummy account is still functional. On the other hand, to be valuable as a decoy, it should retain enough functionality to keep a potential hacker entertained for at least a little while.

      Final Caution: Before monkeying with the builtin administrator account, add a few (trusted) people to the Domain Admins group (and the Administrators Group if you are really paranoid). That way you can always undo your changes. Also, final precaution, create an Emergency Repair Disk (without updating). That will allow you to return to the status quo at the time you installed the box. Shy away from registry changes unless a) you really understand them, or b) have an up-to-date resume. 🙂 Hooyaah!
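
Added example, not part of any post in this thread and not code from any tool mentioned in it: a small audit of the rename-plus-decoy setup the replies describe. It relies on the fact that the built-in Administrator keeps RID 500 after a rename; the inventory format, the account names and the function name are assumptions made up for illustration.

```python
BUILTIN_ADMIN_RID = 500  # renaming the built-in Administrator does not change its RID
PRIVILEGED = {"Administrators", "Domain Admins"}

def audit_admin_accounts(accounts, require_disabled=True):
    """Return findings for the rename-plus-decoy setup described in the thread.

    accounts: list of dicts with name, rid, disabled (bool), groups (set).
    require_disabled=False models the variant where the decoy stays usable
    but stripped of rights.
    """
    findings = []
    builtin = next((a for a in accounts if a["rid"] == BUILTIN_ADMIN_RID), None)
    if builtin is None:
        return ["no RID 500 account in inventory; input is incomplete"]
    if builtin["name"].lower() == "administrator":
        findings.append("built-in account (RID 500) still has its default name")
    decoy = next((a for a in accounts if a["name"].lower() == "administrator"
                  and a["rid"] != BUILTIN_ADMIN_RID), None)
    if decoy is None:
        findings.append("no decoy account named Administrator")
    else:
        if require_disabled and not decoy["disabled"]:
            findings.append("decoy Administrator is enabled")
        held = sorted(decoy["groups"] & PRIVILEGED)
        if held:
            findings.append("decoy Administrator is in " + ", ".join(held))
    # Precaution from the last reply: someone else must be able to undo changes.
    fallback = [a for a in accounts
                if a["rid"] != BUILTIN_ADMIN_RID and a is not decoy
                and "Domain Admins" in a["groups"] and not a["disabled"]]
    if not fallback:
        findings.append("no other enabled Domain Admins member to fall back on")
    return findings

# Constructed sample inventories (not output from a real system).
DEFAULT_SETUP = [
    {"name": "Administrator", "rid": 500, "disabled": False,
     "groups": {"Administrators", "Domain Admins"}},
    {"name": "jsmith", "rid": 1001, "disabled": False, "groups": {"Domain Users"}},
]
HARDENED_SETUP = [
    {"name": "ops-root7", "rid": 500, "disabled": False,
     "groups": {"Administrators", "Domain Admins"}},
    {"name": "Administrator", "rid": 1005, "disabled": True, "groups": {"Guests"}},
    {"name": "jsmith", "rid": 1001, "disabled": False, "groups": {"Domain Admins"}},
]

if __name__ == "__main__":
    for label, inv in (("default", DEFAULT_SETUP), ("hardened", HARDENED_SETUP)):
        print(label, audit_admin_accounts(inv) or "no findings")
```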