Accounts retain their SIDs when you rename them. Renaming the admin account defeats "dumb" worms/viruses/trojans etc., and that's about it. Determined black hats will know what to look for.
http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q243330

JMB

| -----Original Message-----
| From: Derick Anderson [mailto:[EMAIL PROTECTED]
| Sent: Tuesday, November 15, 2005 4:21 PM
| To: [email protected]
| Subject: Renaming Administrator account
|
| A question for the list, inspired by the server
| hardening/break in threads:
|
| Is changing the Administrator account name really
| worthwhile or not? My largely unfounded, sparsely
| researched opinion is this:
|
| So far I haven't read a convincing argument for
| changing the name of the administrator account, and
| there's one reason I've chosen not to - account
| lockout policy. Only the domain Administrator
| account is exempt from lockout unless there's a
| special dispensation for Domain/Enterprise admins I
| don't know about. So choosing another account (and
| thus changing the SID) would take away the
| protection(?) against a DoS attack on the
| Administrator account.
|
| As for providing extra security, I believe it's
| security by obscurity.
| In order to access password-based systems, you have
| a set of public knowledge (username) and private
| knowledge (password): known * unknown = unknown, or
| in a (non)mathematical sense for brute force attacks,
| 1 * ? = ?. Now let's say you change the Administrator
| password, what have you gotten? Unknown * unknown =
| unknown, or ? * ? = ?. You've changed the equation
| but not the outcome. I realize that changing the
| name prevents automated attacks but can't this be
| defeated by not allowing direct remote Administrator
| access? (no VPN account, no OWA account, servers
| locked up in a datacenter...)
|
| Basically what I'm asking is whether changing the
| account name is a fundamental principle or just icing
| on the cake.
|
| Derick Anderson
