Not really. All this fooling about with the local admin accounts is fun, but mostly beside the point - except as a canary, for which you have to set up some sort of remote logging scheme and the infrastructure necessary to keep tabs on attempted logins..
Once you get to the point of creating a new administrator account, you're either going to make it a member of the local Administrators group, which, IIRC (net localgroup), anyone with rights can enumerate, or you're going to grant it rights directly, in which case a) the user exists as part of the local user base, which is enumerable, and b) which account in the local user base has those administrator rights is also discoverable/enumerable.- if in no other way then at least by examining NTFS permissions on the %systemroot% folder to see which accounts have rights there. Kurt On Mon, Jan 16, 2012 at 12:07, Heaton, Joseph@DFG <jhea...@dfg.ca.gov> wrote: > Shouldn’t you also disable the default local Administrator account, and > create a new one, NOT named Administrator? > > > > Joe Heaton > > ITB – Windows Server Support > > > > From: ed ziots [mailto:ezi...@hotmail.com] > > Sent: Sunday, January 15, 2012 2:49 PM > To: Heaton, Joseph@DFG; NT System Admin Issues > > Subject: RE: Quarterly Admin password change > > > > +1, that is pretty easy one. Also make sure you rename it to something else > than "Administrator" and create a dummy admin account which is only a > "Guest" and disabled, and audit its attempted use for audit and incident > response purposes. > > Also can script it out with cusrmgr.exe from the Windows 2000 resource kit. > > Z > > Edward E. Ziots > Senior Informational Security Engineer > CISSP,Security +,Network+ > > > >> From: mich...@smithcons.com >> To: ntsysadmin@lyris.sunbelt-software.com >> Subject: RE: Quarterly Admin password change >> Date: Sun, 15 Jan 2012 22:42:35 +0000 >> >> Easy to do with GPP or with a script. >> >> Regards, >> >> Michael B. Smith >> Consultant and Exchange MVP >> http://TheEssentialExchange.com >> >> -----Original Message----- >> From: Juned Shaikh [mailto:jsha...@gmail.com] >> Sent: Sunday, January 15, 2012 5:16 PM >> To: NT System Admin Issues >> Subject: Quarterly Admin password change >> >> I am trying to identify how are you folks managing the security >> requirement of changing Local admin password of all servers quarterly? >> >> Thanks in advance, >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >> >> --- >> To manage subscriptions click here: >> http://lyris.sunbelt-software.com/read/my_forums/ >> or send an email to listmana...@lyris.sunbeltsoftware.com >> with the body: unsubscribe ntsysadmin >> >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >> >> --- >> To manage subscriptions click here: >> http://lyris.sunbelt-software.com/read/my_forums/ >> or send an email to listmana...@lyris.sunbeltsoftware.com >> with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
