Monday, June 2, 2003, 4:19:26 AM, you wrote:

JT> I strongly suggest renaming the local Administrator and Guest account
JT> to something that is not easily guessed at. In addition, you should
JT> probably create "dummy" accounts named "Administrator" and "Guest"
JT> that have no rights/no group memberships and are disabled. Monitor
JT> the dummy accounts closely for log in attempts.

Just one note. It's always possible to determine whether a user is the built-in administrator by SID value. I believe the administrator account has SID=500 and guest SID=501 even if renamed. And dummy accounts won't have such SID values. If null sessions are open (it's done by default), an attacker can get SID values along with privilege and group name. Thus, renaming the administrator account may prevent attacks only by script kiddies.

Built-in accounts should be renamed anyway. But you also need to set a complicated password and hack the registry. I'm not sure, but maybe it can be done by the Local Policy snap-in instead of direct registry changes. I believe there is "Additional restrictions of anonymous connections".

So, be careful.

--
Best regards,
Martchukov Anton aka VH
mailto:[EMAIL PROTECTED]
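The SID point in the reply above, as an added example that is not part of the original message: a Python audit that decodes binary SIDs and classifies accounts by RID rather than by name. RIDs 500 and 501 are the well-known values for the built-in Administrator and Guest; the account names, the machine identifier and the helper names are constructed for illustration.

```python
import struct

# Well-known relative identifiers (RIDs) of the built-in local accounts.
BUILTIN_RIDS = {500: "built-in Administrator", 501: "built-in Guest"}

def sid_to_string(raw: bytes) -> str:
    """Decode a binary Windows SID into its S-R-A-S1-S2... string form."""
    if len(raw) < 8:
        raise ValueError("SID too short")
    revision, count = raw[0], raw[1]
    if len(raw) != 8 + 4 * count:
        raise ValueError("SID length does not match sub-authority count")
    authority = int.from_bytes(raw[2:8], "big")      # 48-bit, big-endian
    subs = struct.unpack("<%dI" % count, raw[8:])    # 32-bit, little-endian
    return "-".join(["S", str(revision), str(authority), *map(str, subs)])

def classify(name: str, sid: str) -> str:
    """Say what an account really is, judged by its RID and not its name."""
    parts = sid.split("-")
    rid = int(parts[-1])
    # Machine and domain account SIDs look like S-1-5-21-x-y-z-RID.
    is_account_sid = parts[:4] == ["S", "1", "5", "21"] and len(parts) == 8
    if is_account_sid and rid in BUILTIN_RIDS:
        return BUILTIN_RIDS[rid]
    if name.lower() in ("administrator", "guest"):
        return "decoy (well-known name, ordinary RID)"
    return "ordinary account"

def make_sid(*subs: int) -> bytes:
    """Build a binary SID under authority 5 (NT Authority) for sample data."""
    return bytes([1, len(subs)]) + (5).to_bytes(6, "big") + struct.pack(
        "<%dI" % len(subs), *subs)

# Constructed sample data: one machine identifier, five local accounts.
MACHINE = (21, 1111111111, 2222222222, 3333333333)
ACCOUNTS = [
    ("SvcDesk", make_sid(*MACHINE, 500)),         # renamed built-in admin
    ("Administrator", make_sid(*MACHINE, 1004)),  # disabled dummy account
    ("Guest", make_sid(*MACHINE, 1005)),          # disabled dummy account
    ("Visitor", make_sid(*MACHINE, 501)),         # renamed built-in guest
    ("alice", make_sid(*MACHINE, 1006)),
]

def audit(accounts):
    """Map each account name to what its SID says it is."""
    return {name: classify(name, sid_to_string(raw)) for name, raw in accounts}

if __name__ == "__main__":
    for name, verdict in audit(ACCOUNTS).items():
        print(f"{name:15} {verdict}")
```

The same RID check is what tells a defender which account to protect with the strong password, and which accounts are the decoys whose logon attempts are worth alerting on.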
