Focus on Microsoft
Administrator in Domain Admins group Jan 31 2011 03:58PM
Shang Tsung (shangtsung71 gmail com) (3 replies)
RE: Administrator in Domain Admins group Jan 31 2011 07:21PM
Laura A. Robinson (lrobinson technologist com)
RE: Administrator in Domain Admins group Jan 31 2011 06:16PM
Michael Sturtz (Michael Sturtz PACCAR com) (1 replies)
The "Built in Administrator" account CAN be deleted however it is strongly cautioned against doing this. One of the reasons is it is the account that is used in safe mode should a disaster occur. If the built in Administrator account is locked out you can reboot the system in safe mode (by hitting the F8 key at startup) and still logon to the account and fix your system. If you delete or remove the built in administrator account you will be unable to logon to the system. I would recommend renaming the built in administrator account to a different name and then creating a new account named Administrator that is not a member of the Administrators or Domain Administrators group and is disabled. This account is a decoy to prevent nuisance attacks on your default administrator account.
Michael Sturtz

-----Original Message-----
From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]] On Behalf Of Shang Tsung
Sent: Monday, January 31, 2011 7:58 AM
To: focus-ms (at) securityfocus (dot) com [email concealed]
Subject: Administrator in Domain Admins group

After an audit, I noticed that in the Domain Admins group of our domain, there is an account named Administrator. As my engineers told me, this account is created by default when you create a new domain and cannot be deleted or disabled. Is this true? I am not convinced yet.

We do not like general purpose accounts like this because we lose accountability. I am pretty sure the password of that account is in the hands of people who are not supposed to have it. Each domain admin has his own account who is in the Domain Admins group, so there is no need for this Administrator account.

Can we delete it? And if yes, what would be the consequences?

Thanks,
Shang Tsung

[ reply ]
RE: Administrator in Domain Admins group Feb 08 2011 10:16AM
James D. Stallard (james leafgrove com)
RE: Administrator in Domain Admins group Jan 31 2011 06:00PM
Staats, Ryan (ryan staats sno wednet edu)


 

Privacy Statement
Copyright 2010, SecurityFocus