If you fear it's been compromised, just change the password. The important point to note is that anyone with domain admin credentials can simply modify the password of that account at any time, just as anyone with domain admin credentials can create a dummy account, futz about, and then delete it. If you have no live auditing tools (like me), it'll likely be missed.
The obvious thing to note here is that if you have any other systems relying on that administrator account for credentialing, changing the password would break that. Try as I might, just when I think I've removed its use from every system I have, I find another thing I didn't know someone used it for.

We have a problem with domain admins as well... problem is that they're actually granted those permissions intentionally. *sigh*

MS's guide to securing the AD Admin account recommends renaming it to a bogus user account name: http://technet.microsoft.com/en-us/library/cc700835.aspx

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Shang Tsung
Sent: Monday, January 31, 2011 7:58 AM
To: [email protected]
Subject: Administrator in Domain Admins group

After an audit, I noticed that in the Domain Admins group of our domain, there is an account named Administrator. As my engineers told me, this account is created by default when you create a new domain and cannot be deleted or disabled.

Is this true? I am not convinced yet.

We do not like general purpose accounts like this because we lose accountability. I am pretty sure the password of that account is in the hands of people who are not supposed to have it. Each domain admin has his own account which is in the Domain Admins group, so there is no need for this Administrator account.

Can we delete it? And if yes, what would be the consequences?

Thanks,
Shang Tsung
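
The two actions the reply says go unnoticed without auditing (a dummy account created and then deleted, and a password reset on the built-in Administrator) can be picked out of account-management events after the fact. The following is an added example, not part of the original thread; it assumes Security log events 4720, 4726 and 4724 have been exported into the record layout shown, and every account name, SID and timestamp in it is constructed.

```python
from datetime import datetime, timedelta

# Windows Security log event IDs (Windows Server 2008 and later).
CREATED, DELETED, PW_RESET = 4720, 4726, 4724

# Constructed sample records; the key names are this example's own layout,
# not an export format. SIDs use a made-up domain identifier (1-2-3).
SAMPLE = [
    {"time": "2011-01-31T03:05:00", "id": 4726, "actor": "jdoe-adm",
     "target": "tmpsvc", "sid": "S-1-5-21-1-2-3-1150"},
    {"time": "2011-01-10T09:00:00", "id": 4720, "actor": "hr-prov",
     "target": "asmith", "sid": "S-1-5-21-1-2-3-1151"},
    {"time": "2011-01-31T02:10:00", "id": 4720, "actor": "jdoe-adm",
     "target": "tmpsvc", "sid": "S-1-5-21-1-2-3-1150"},
    {"time": "2011-01-28T17:00:00", "id": 4726, "actor": "hr-prov",
     "target": "asmith", "sid": "S-1-5-21-1-2-3-1151"},
    {"time": "2011-01-31T02:40:00", "id": 4724, "actor": "jdoe-adm",
     "target": "svc_print", "sid": "S-1-5-21-1-2-3-500"},
    {"time": "2011-01-30T09:00:00", "id": 4724, "actor": "helpdesk1",
     "target": "bwayne", "sid": "S-1-5-21-1-2-3-1152"},
]

def find_suspicious(events, window=timedelta(hours=24)):
    """Return (finding, account, actor) tuples in chronological order."""
    findings = []
    created = {}  # SID -> creation time of accounts seen being created
    for e in sorted(events, key=lambda e: e["time"]):
        when = datetime.fromisoformat(e["time"])
        if e["id"] == CREATED:
            created[e["sid"]] = when
        elif e["id"] == DELETED:
            born = created.pop(e["sid"], None)
            # Created and deleted inside the window: the "dummy account" case.
            if born is not None and when - born <= window:
                findings.append(("short-lived account", e["target"], e["actor"]))
        elif e["id"] == PW_RESET and e["sid"].endswith("-500"):
            # RID 500 is the built-in Administrator, whatever it was renamed to.
            findings.append(("Administrator password reset", e["target"], e["actor"]))
    return findings

if __name__ == "__main__":
    for finding in find_suspicious(SAMPLE):
        print(finding)
```

Matching on the SID rather than the account name means the check still fires after the account has been renamed as the linked guide recommends.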
