locked
Administrator Account RRS feed

  • Question

  • What is a common best practise when it comes to Active Directory "administrator" account?

    Should be deleted or renamed and disabled?


    paddy ryan
    Tuesday, December 22, 2009 12:13 PM

Answers

  • Renaming should be all you need to do with a strong password associated with it. I would not delete it.
    Mark Morowczynski|MCT| MCSE 2003:Messaging, Security|MCITP:ES, SA,EA|MCTS:Windows Mobile Admin|Security+|http://almostdailytech.com
    • Marked as answer by pajoryan123 Wednesday, December 23, 2009 8:11 AM
    Wednesday, December 23, 2009 4:22 AM

All replies

  • Renaming should be all you need to do with a strong password associated with it. I would not delete it.
    Mark Morowczynski|MCT| MCSE 2003:Messaging, Security|MCITP:ES, SA,EA|MCTS:Windows Mobile Admin|Security+|http://almostdailytech.com
    • Marked as answer by pajoryan123 Wednesday, December 23, 2009 8:11 AM
    Wednesday, December 23, 2009 4:22 AM
  • Hi paddy,

     

    Besides renaming the default Administrator account, you can also create a decoy Administrator Account. Please refer to the "Protecting the Administrator Account" section in the following article:

     

    Securing Active Directory Administrative Groups and Accounts

    http://technet.microsoft.com/en-us/library/cc700835.aspx

     

    Meanwhile, there are some other basic steps you can take to protect the Administrator account, such as "Reset the description" and "Configure a complex password for the account". Please refer to:

     

    Protecting the Administrator Account

    http://www.windowsecurity.com/articles/Protecting-Administrator-Account.html

     

    Regards,

    Bruce

    Wednesday, December 23, 2009 10:10 AM