Administrator Account

  • Question

  • We are looking to disable the administrator account on one of our domains to force users to use their own credentials.

    Before doing so, we would like to know if there is a PowerShell script available which can tell us if the account is being used anywhere.

    This can be a service or a running task or anything else which might be using the account.

     

    Monday, February 6, 2012 1:39 PM

All replies

  • The short answer is "No", there is no PowerShell script that can do all this.  You can search for specific items, like credentials that services run under, but there is no catch-all script that can do what you want.
    Grant Ward, a.k.a. Bigteddy

    What's new in Powershell 3.0 (Technet Wiki)

    Network Live Audit - Powershell script
    Monday, February 6, 2012 1:55 PM
  • The "quick and dirty" test would be to just rename it by a leading or trailing character (if you can).

    If you get an immediate flag or alert, then your answer's "yes, it's being used somewhere". If not, it's probably safe to disable it.

     

    You can find more information about renaming the Default Administrator Account here:

    http://technet.microsoft.com/en-us/library/dd378996(WS.10).aspx

    Monday, February 6, 2012 2:10 PM
  • How are the users able to use the administrator account? I suppose they must have been given the password. Change the password and reboot.

    If this is the domain administrator, you could define a logon script for it that would record where it was logging in.

    If the user accounts have domain admin privs, they will be able to reset the domain admin password and unlock the account. You could perhaps enable auditing to find out who has just reset its password.

    Monday, February 6, 2012 2:20 PM
  • For example, to find all services that run under a particular account, you could use something like this:

    # List the name of every service whose logon account (StartName) matches
    $services = gwmi -Class win32_service 
    foreach ($service in $services) 
        {if ($service.startname -eq 'NT AUTHORITY\NetworkService') {$service.Name}}
    


    Grant Ward, a.k.a. Bigteddy

    • Proposed as answer by Yan Li_ Tuesday, February 7, 2012 8:21 AM
    • Marked as answer by Yan Li_ Friday, February 10, 2012 4:54 AM
    Monday, February 6, 2012 2:50 PM
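
An added example, not part of any reply in this thread: the service check above extended to several machines and to scheduled tasks, the two places the question names. The function name `Find-AccountUsage`, the account `CONTOSO\Administrator` and the server names are hypothetical placeholders; the scheduled-task column names assume an English-language `schtasks.exe`.

```powershell
# Added example: report services and scheduled tasks configured to run as an account.
function Find-AccountUsage {
    param(
        [Parameter(Mandatory = $true)][string]$Account,        # placeholder, e.g. 'CONTOSO\Administrator'
        [string[]]$ComputerName = @($env:COMPUTERNAME)
    )
    # Match on the user part so 'DOMAIN\user', '.\user', 'user' and 'user@domain' are all caught.
    # This also reports a local account of the same name; the RunAs column shows which one it is.
    $user    = ($Account -split '\\')[-1]
    $pattern = '(^|\\)' + [regex]::Escape($user) + '(@|$)'

    foreach ($computer in $ComputerName) {
        try {
            # Services: Win32_Service.StartName holds the logon account.
            Get-WmiObject -Class Win32_Service -ComputerName $computer -ErrorAction Stop |
                Where-Object { $_.StartName -match $pattern } |
                ForEach-Object {
                    New-Object PSObject -Property @{
                        Computer = $computer; Type = 'Service'
                        Name = $_.Name; RunAs = $_.StartName
                    }
                }

            # Scheduled tasks: verbose CSV output carries a 'Run As User' column.
            # Some Windows versions repeat the header row per folder, so drop those rows.
            schtasks.exe /query /s $computer /fo csv /v 2>$null |
                ConvertFrom-Csv |
                Where-Object { $_.TaskName -ne 'TaskName' -and $_.'Run As User' -match $pattern } |
                ForEach-Object {
                    New-Object PSObject -Property @{
                        Computer = $computer; Type = 'ScheduledTask'
                        Name = $_.TaskName; RunAs = $_.'Run As User'
                    }
                }
        }
        catch {
            # An unreachable host or denied WMI access is reported, not silently skipped.
            Write-Warning "$computer : $($_.Exception.Message)"
        }
    }
}

# Usage with placeholder names (tasks with several triggers may be listed more than once):
Find-AccountUsage -Account 'CONTOSO\Administrator' -ComputerName 'SRV01', 'SRV02' |
    Select-Object Computer, Type, Name, RunAs | Format-Table -AutoSize
```

An empty result covers only services and scheduled tasks on the machines queried; interactive logons, mapped drives and credentials stored inside applications are not detected by this check.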