A question for the list, inspired by the server hardening/break in
threads:

Is changing the Administrator account name really worthwhile or not? My
largely unfounded, sparsely researched opinion is this:

So far I haven't read a convincing argument for changing the name of the
administrator account, and there's one reason I've chosen not to -
account lockout policy. Only the domain Administrator account is exempt
from lockout unless there's a special dispensation for Domain/Enterprise
admins I don't know about. So choosing another account (and thus
changing the SID) would take away the protection(?) against a DoS attack
on the Administrator account.

As for providing extra security, I believe it's security by obscurity.
In order to access password-based systems, you have a set of public
knowledge (username) and private knowledge (password): known * unknown =
unknown, or in a (non)mathematical sense for brute force attacks, 1 * ?
= ?. Now let's say you change the Administrator password, what have you
gotten? Unknown * unknown = unknown, or ? * ? = ?. You've changed the
equation but not the outcome. I realize that changing the name prevents
automated attacks but can't this be defeated by not allowing direct
remote Administrator access? (no VPN account, no OWA account, servers
locked up in a datacenter...)

Basically what I'm asking is whether changing the account name is a
fundamental principle or just icing on the cake.

Derick Anderson
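The point above that renaming does not change the SID suggests one defensive use: monitor failed logons by RID 500 rather than by display name, and separate attempts against the old "Administrator" name (which no longer resolves to an account) from attempts against the real built-in account, which the lockout policy never locks. This is an added example, not part of the original post; the account names, SIDs and addresses are constructed.

```python
import re
from collections import Counter

# Constructed directory snapshot: account name -> SID. The built-in
# Administrator has been renamed to "dsadmin"; its SID (RID 500) is unchanged.
ACCOUNTS = {
    "dsadmin": "S-1-5-21-1111-2222-3333-500",
    "jdoe":    "S-1-5-21-1111-2222-3333-1105",
}

def rid_of(sid):
    """Return the relative identifier (last component) of a domain SID, or None."""
    m = re.fullmatch(r"S-1-5-21(?:-\d+){3}-(\d+)", sid)
    return int(m.group(1)) if m else None

def triage_failed_logons(events, accounts, threshold=3):
    """Group 4625 (failed logon) events by target name and source address.

    Each result says whether the name maps to an existing account and whether
    that account is the built-in Administrator (RID 500), which the lockout
    policy never locks. Only sources at or above `threshold` are returned,
    RID-500 targets first, then by descending count.
    """
    counts = Counter()
    for ev in events:
        if ev["EventID"] == 4625:
            counts[(ev["TargetUserName"], ev["IpAddress"])] += 1
    out = []
    for (name, ip), n in counts.items():
        if n < threshold:
            continue
        sid = accounts.get(name)
        out.append({
            "target": name, "source": ip, "count": n,
            "exists": sid is not None,
            "rid500": sid is not None and rid_of(sid) == 500,
        })
    return sorted(out, key=lambda r: (not r["rid500"], -r["count"]))

# Constructed sample events (4625 = failed logon, 4624 = successful logon).
EVENTS = (
    [{"EventID": 4625, "TargetUserName": "Administrator", "IpAddress": "10.0.0.9"}] * 4
    + [{"EventID": 4625, "TargetUserName": "dsadmin", "IpAddress": "10.0.0.9"}] * 3
    + [{"EventID": 4625, "TargetUserName": "jdoe", "IpAddress": "10.0.0.5"}] * 1
    + [{"EventID": 4624, "TargetUserName": "jdoe", "IpAddress": "10.0.0.5"}] * 2
)

if __name__ == "__main__":
    for row in triage_failed_logons(EVENTS, ACCOUNTS):
        print(row)
```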


