RE: [ActiveDir] Renaming the Administrator account

[Rutherford, Robert]

Title: Message

2000 security/authentication revolves around the SID. I have always renamed the admin account, on a PC and domain level and have never had an issue. I would sensitively ask your 'more' experienced colleague for an example of which "other areas may use the “Administrator” username explicitly".   BR   Rob     -----Original Message----- From: Edwin [mailto:[EMAIL PROTECTED] Sent: 21 July 2004 12:38 To: [EMAIL PROTECTED] Subject: [ActiveDir] Renaming the Administrator account I have always renamed the default Administrator account on every system build I have performed for security reasons.   I did the same on the domain but was then scolded by a more experienced AD Administrator.  The reason given to me was because there are parts of AD that authenticate or use the SID of the administrator account while other areas may use the “Administrator” username explicitly.  If I were to rename the default Administrator account then those references that call the username explicitly may fail.   I am still new to AD so I took the above warning with caution and therefore renamed the default user back to its original settings.   I would appreciate anyone’s input on the above.  I would like to rename the Administrator account as part of best practices but if it may cause problems then of course this would not be an option.  However, I have a hard time understanding why renaming the account could cause potential problems.  I would think that any reference to the Administrator account would be made by the SID and if any call to the username itself was made, it would access a database that was populated with the correct information as it was changed.   The only information I have about renaming the account is above.   Thank you all for your responses.   Edwin This e-mail and the information it contains are confidential and may be privileged. If you have received this e-mail in error please notify the sender immediately and delete the material from any computer. Unless you are the intended recipient, you should not copy this e-mail for any purpose, or disclose its contents to any other person. The MCPS-PRS Alliance is not responsible for the completeness or accuracy of this communication as it has been transmitted over a public network. Whilst the MCPS-PRS Alliance monitors all communications for potential viruses, we accept no responsibility for any loss or damage caused by this e-mail and the information it contains. It is the recipient's responsibility to scan this e-mail and any attachments for viruses. Any e-mails sent to and from the MCPS-PRS Alliance servers may be monitored for quality control and other purposes. The MCPS-PRS Alliance Limited is a limited company registered in England under company number 03444246 whose registered office is at c/o 29-33 Berners Street, London, W1T 3AB.