The SID for builtin local admin account is always the same across machines (or at least was in 2000-2003). New accounts are never the same.
From: Cameron [mailto:cameron.orl...@gmail.com] Sent: Thursday, January 05, 2012 6:54 AM To: NT System Admin Issues Subject: Re: GPO reset of local non-builtin accounts Re #2....why would you disable the local admin account and create a new one instead of just renaming the local admin account? On Wed, Jan 4, 2012 at 6:04 PM, James Hill <falc...@gmail.com<mailto:falc...@gmail.com>> wrote: 1. You'd still have a local admin account. I prefer to used restricted groups GPO so that it forces the local admin memberships. 2. Yes, not sure how really effective it is though apart from being one more step to take when attempting a breach. From: David Lum [mailto:david....@nwea.org<mailto:david....@nwea.org>] Sent: Thursday, 5 January 2012 8:18 AM To: NT System Admin Issues Subject: RE: GPO reset of local non-builtin accounts Good suggestion. Questions: 1. If you need to log on locally and the domain is unavailable (it happens), how do you log in? 2. Isn't it best practice to disable the builtin admin account and use a new local admin account with a different name? IIRC #2 was suggested practice years ago (I can't remember from where). Dave From: ed ziots [mailto:ezi...@hotmail.com]<mailto:[mailto:ezi...@hotmail.com]> Sent: Wednesday, January 04, 2012 1:37 PM To: NT System Admin Issues Subject: RE: GPO reset of local non-builtin accounts You can use cusrmgr.exe from the Windows 2000 Resource kit tools to script out the GPO changes. Better yet, as mentioned earlier it would be best to control who is in your local administrators to domain based accounts that are added by GPO/GPP and remove any others from those privileged groups. HTH, Sincerely, EZ Edward E. Ziots Senior Informational Security Engineer CISSP,Security +,Network+ > From: kennedy...@elyriaschools.org<mailto:kennedy...@elyriaschools.org> > To: > ntsysadmin@lyris.sunbelt-software.com<mailto:ntsysadmin@lyris.sunbelt-software.com> > Date: Wed, 4 Jan 2012 13:39:08 -0500 > Subject: RE: GPO reset of local non-builtin accounts > > Then convert it to an exe or encrypt it to help keep prying eyes out of it. > > http://www.abyssmedia.com/quickbfc/ > > > -----Original Message----- > From: Matthew W. Ross > [mailto:mr...@ephrataschools.org]<mailto:[mailto:mr...@ephrataschools.org]> > Sent: Wednesday, January 04, 2012 1:37 PM > To: NT System Admin Issues > Subject: RE: GPO reset of local non-builtin accounts > > Try: > > net user localuser n3wP@ssw0rd > > > --Matt Ross > Ephrata School District > > > ----- Original Message ----- > From: David Lum > [mailto:david....@nwea.org]<mailto:[mailto:david....@nwea.org]> > To: NT System Admin Issues > [mailto:ntsysadmin@lyris.sunbelt-software.com]<mailto:[mailto:ntsysadmin@lyris.sunbelt-software.com]> > Sent: Wed, 04 Jan 2012 > 10:27:38 -0800 > Subject: RE: GPO reset of local non-builtin accounts > > > > Ohh..do tell - have a script handy that I can modify? > > > > From: Michael B. Smith > > [mailto:mich...@smithcons.com]<mailto:[mailto:mich...@smithcons.com]> > > Sent: Wednesday, January 04, 2012 10:21 AM > > To: NT System Admin Issues > > Subject: RE: GPO reset of local non-builtin accounts > > > > Startup/boot script? > > > > Regards, > > > > Michael B. Smith > > Consultant and Exchange MVP > > http://TheEssentialExchange.com<http://theessentialexchange.com/> > > > > From: David Lum > > [mailto:david....@nwea.org]<mailto:[mailto:david....@nwea.org]><mailto:[mailto:david....@nwea.org]> > > Sent: Wednesday, January 04, 2012 1:14 PM > > To: NT System Admin Issues > > Subject: GPO reset of local non-builtin accounts > > > > Is there a way to GPO a password change of added-in local machine > > accounts if the account is the same across all systems? I can do it > > easily enough with the BuiltIn ones, but see no GPO way to do added ones. > > David Lum > > Systems Engineer // NWEATM > > Office 503.548.5229<tel:503.548.5229> // Cell (voice/text) > > 503.267.9764<tel:503.267.9764> > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > > --- > > To manage subscriptions click here: > > http://lyris.sunbelt-software.com/read/my_forums/ > > or send an email to > > listmana...@lyris.sunbeltsoftware.com<mailto:listmanager@lyris.sunbelt<mailto:listmana...@lyris.sunbeltsoftware.com%3cmailto:listmanager@lyris.sunbelt> > > software.com<http://software.com/>> > > with the body: unsubscribe ntsysadmin > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > > --- > > To manage subscriptions click here: > > http://lyris.sunbelt-software.com/read/my_forums/ > > or send an email to > > listmana...@lyris.sunbeltsoftware.com<mailto:listmanager@lyris.sunbelt<mailto:listmana...@lyris.sunbeltsoftware.com%3cmailto:listmanager@lyris.sunbelt> > > software.com<http://software.com/>> > > with the body: unsubscribe ntsysadmin > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > > --- > > To manage subscriptions click here: > > http://lyris.sunbelt-software.com/read/my_forums/ > > or send an email to > > listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> > > with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to > listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> > with the body: unsubscribe ntsysadmin > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to > listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> > with the body: unsubscribe ntsysadmin > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
