Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2, Windows Server 2008, Windows Server 2008 R2
This procedure eliminates any information that can alert attackers that this account has elevated privileges. Although an attacker would still need the password, hiding the default Administrator account by renaming it adds an additional layer of protection against password attacks seeking elevation of privilege.
Requirements
Credentials: Domain Admins
Tools: Active Directory Users and Computers
Log on with Domain Admins credentials, and then open Active Directory Users and Computers.
In the console tree, click Users.
By default, the Administrator account is in the Users container. However, if you have already created a Service Admin subtree, the Administrator account might have been moved to the Users and Groups OU in the new subtree.
In the details pane, right-click Administrator, and then click Rename.
Type a fictitious account name, and then press ENTER.
In the Rename User dialog box, change the Full name, First name, Last name, Display name, User logon name, and User logon name (pre-Windows 2000) values to match the new account name, and then click OK.
In the details pane, right-click the renamed account object, and then click Properties.
On the General tab, change the Description to resemble other user accounts.
On the Account tab, change Account options if needed.
Note
This procedure changes only the default Administrator account’s logon name and account details, which someone can see if they manage to enumerate a list of accounts on your system. This procedure does not affect the ability to use the Administrator account to boot into Directory Services Restore Mode.