Tony said:

"Could it be that the Administrator account has been renamed and new account created using the name "Administrator". Why anyone would want to do this I don't know, but it can be done (just tested it)."

-----------------------

I have been known to do this on some DMZ or Internet facing systems - more to foil the common 'after school' scripters, rather than the more seasoned who will look for SIDs rather than just by name.
It's a security practice that is really not that uncommon, and you may have hit the nail on the head, Tony.

Rick Kingslan - Microsoft MVP [Windows NT/2000]
Microsoft Certified Trainer
MCSA, MCSE+I - Windows NT / 2000

"Any sufficiently advanced technology
is indistinguishable from magic."
--- Arthur C. Clarke

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:ActiveDir-owner@;mail.activedir.org] On Behalf Of Tony Murray
> Sent: Wednesday, October 23, 2002 7:49 AM
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Subject: Re: [ActiveDir] Admin Account Trouble
>
>
> Ok, so this is an old thread - sorry to raise the dead. :-)
>
> I had an idea about this. Could it be that the Administrator
> account has been renamed and new account created using the
> name "Administrator". Why anyone would want to do this I
> don't know, but it can be done (just tested it).
>
> If this is the case in your environment, it should be
> possible to locate the original Administrator account. The
> RID is always 500 (or 1F4 if you look at the string
> representation of objectSid using e.g. LDP.EXE).
>
> Just a thought...
>
> Tony
>
> -----Original Message-----
> From: Craig Cerino [mailto:Craig_Cerino@;Tiel.com]
> Sent: Montag, 23. September 2002 15:28
> To: [EMAIL PROTECTED]
> Subject: RE: [ActiveDir] Admin Account Trouble
>
>
> Dave,
>
> Anything is possible --- but I am the only one that has
> authority to make any registry changes (and haven't). Also,
> it doesn't matter where you are - console-TS session. If it's
> locked out --- I have to use one of the back door accounts I
> created to unlock it. Cooky.
>
> -----Original Message-----
> From: Thornley, Dave H [mailto:D.H.Thornley@;shu.ac.uk]
> Sent: Monday, September 23, 2002 9:13 AM
> To: '[EMAIL PROTECTED]'
> Subject: RE: [ActiveDir] Admin Account Trouble
>
> Craig,
> I have a very vague recollection of a utility or a Registry
> setting or something that would allow the administrator
> account to be locked out via the network, but you could
> always log in at the console (or something like that...!) Is
> it possible that's what's causing your problems?
>
> dave
>
> -----Original Message-----
> From: Craig Cerino [mailto:Craig_Cerino@;Tiel.com]
> Sent: 23 September 2002 13:36
> To: [EMAIL PROTECTED]
> Subject: RE: [ActiveDir] Admin Account Trouble
>
>
> Rick -- that's what I thought but I am here to tell you the built in
> administrator account can ABSOLUTELY become locked out.
>
> I see it all the time. One of our smaller separate networks
> (built in) Administrator account gets locked out all the time.
>
> It's actually pretty weird and I've been working for a while
> now trying to figure out WHY this is happening.
>
> Craig
>
> -----Original Message-----
> From: Rick Kingslan [mailto:rkingsla@;cox.net]
> Sent: Friday, September 20, 2002 8:48 PM
> To: [EMAIL PROTECTED]
> Subject: RE: [ActiveDir] Admin Account Trouble
>
> Craig,
>
> Can't happen - the Administrator account can't be locked out.
> Which, if you think about it is the reason that it's
> attacked over any other potential admin equivalent account.
> If the account 'Rick' is an admin equiv but has a lockout of
> 3 attempts, I may as well go after the Administrator who
> won't lockout even though I'm going after it with a full
> onslaught brute force dictionary attack with my mongo
> dictionary with all possible replacement text. By open of
> business Monday the administrator account has taken on
> millions of password attempts.
>
> Yeah, it's kind of a small problem.
>
> Rick Kingslan - Microsoft MVP [Windows NT/2000]
> Microsoft Certified Trainer
> MCSA, MCSE+I - Windows NT / 2000
>
> "Any sufficiently advanced technology
> is indistinguishable from magic."
> --- Arthur C. Clarke
>
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:ActiveDir-owner@;mail.activedir.org] On Behalf Of Craig Cerino
> > Sent: Friday, September 20, 2002 12:16 PM
> > To: [EMAIL PROTECTED]
> > Subject: RE: [ActiveDir] Admin Account Trouble
> >
> >
> > I REALLY don't mean to be insulting -- but is it locked out?
> >
> > -----Original Message-----
> > From: Michael Payne [mailto:mpayne@;amocofcu.org]
> > Sent: Friday, September 20, 2002 12:43 PM
> > To: [EMAIL PROTECTED]
> > Subject: [ActiveDir] Admin Account Trouble
> >
> > Hello Everyone,
> >
> > My administrator account (Windows 2000 server) can not access the
> > group policies for the Domain\ Domain Controller. I can not install
> > software nor does the hardware wizard respond. Any ideas or
> > suggestions? I would appreciate any advice.
> >
> > Thanks in advance,
> >
> >
> > Mike
> > List info : http://www.activedir.org/mail_list.htm
> > List FAQ : http://www.activedir.org/list_faq.htm
> > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
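
The RID 500 (hex 1F4) check mentioned in the thread, as an added example that is not part of the original messages: it decodes binary objectSid values and separates the account that really holds RID 500 from one that merely carries the name "Administrator". The domain sub-authorities, account names and helper names are constructed for illustration.

```python
import struct

ADMIN_RID = 500  # 0x1F4; stored little-endian as F4 01 00 00 at the end of objectSid

def sid_to_string(raw: bytes) -> str:
    """Decode a binary objectSid into its S-1-... string form."""
    if len(raw) < 8 or len(raw) != 8 + 4 * raw[1]:
        raise ValueError("malformed SID")
    authority = int.from_bytes(raw[2:8], "big")        # 48-bit, big-endian
    subs = struct.unpack("<%dI" % raw[1], raw[8:])     # 32-bit each, little-endian
    return "-".join(["S", str(raw[0]), str(authority)] + [str(s) for s in subs])

def rid(raw: bytes) -> int:
    """Return the last sub-authority (the RID) of a binary SID."""
    sid_to_string(raw)  # validates length and sub-authority count
    if raw[1] == 0:
        raise ValueError("SID has no sub-authority")
    return struct.unpack("<I", raw[-4:])[0]

def classify(accounts):
    """Return (names holding RID 500, names that only look like the admin)."""
    real = [name for name, sid in accounts if rid(sid) == ADMIN_RID]
    decoys = [name for name, sid in accounts
              if name.lower() == "administrator" and rid(sid) != ADMIN_RID]
    return real, decoys

def make_sid(*subs):
    """Build a constructed sample SID under authority 5 (NT Authority)."""
    head = bytes([1, len(subs)]) + (5).to_bytes(6, "big")
    return head + struct.pack("<%dI" % len(subs), *subs)

# Constructed sample directory; none of these values come from the thread.
DOMAIN = (21, 1111111111, 2222222222, 3333333333)
SAMPLE = [
    ("Administrator", make_sid(*DOMAIN, 1105)),  # new account given the old name
    ("svc-maint", make_sid(*DOMAIN, 500)),       # renamed built-in account
    ("Guest", make_sid(*DOMAIN, 501)),
]

if __name__ == "__main__":
    for name, raw in SAMPLE:
        print(f"{name:15} {sid_to_string(raw)}  tail={raw[-4:].hex().upper()}")
    print(classify(SAMPLE))
```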