Windows Administrator account - is it removable?

SunnyD

Belgian Waffler
Jan 2, 2001
32,674
146
106
www.neftastic.com
From a security standpoint, my question is on a Windows NT/2k/XP install, can you remove the default Administrator account? I would obviously replace it with another account, but does anything require the actual "Administrator" account on the system? Is it safe to remove? Is it even removable?
 

stash

Diamond Member
Jun 22, 2000
5,468
0
0
How would removing the Administrator account and replacing it with another account (presumably with admin rights) improve the security of your system?
 

Woodie

Platinum Member
Mar 27, 2001
2,747
0
0
No, you cannot remove the "Administrator" account.

As mentioned above, best way is to rename it to something innocuous, and then create a disabled, completely unprivileged account called...."Administrator".
 

Woodie

Platinum Member
Mar 27, 2001
2,747
0
0
A few chuckles! :D

Nothing much from a security perspective...just one more distraction for the unskilled "cracker" :)
 

Nothinman

Elite Member
Sep 14, 2001
30,672
0
0
Even with no account it's still a distraction, NT doesn't differentiate between bad username and bad password for that reason.
 

Woodie

Platinum Member
Mar 27, 2001
2,747
0
0
Point being that once the attacker manages to enumerate the user accounts on the system, they'll still go after the low-value, low-privileged "Administrator" account. Assuming of course that they're not looking at the SIDs when targetting accounts to go after.
 

Nothinman

Elite Member
Sep 14, 2001
30,672
0
0
They shouldn't be able to enumerate the accounts, you should have restrict anonymous enabled.
 

nweaver

Diamond Member
Jan 21, 2001
6,813
1
0
if you know the username half of username/password, then the battle is halfway over. Do you allow root ssh/telnet access to your linux box? This is an effective way of further securing the machine.
 

statik213

Golden Member
Oct 31, 2004
1,654
0
0
Control Panel -> Admin. Tools -> Local Security Policy

then,

Security Settings -> Local Policies -> Security Options

Hunt for,
Accounts: Rename administrator accout, right click -> properties

 

stash

Diamond Member
Jun 22, 2000
5,468
0
0
If you don't have a domain, there's no need to do all that work and edit the local policy. Just go into compmgmt.msc, local users and groups, users and rename the account.