Deleting the admin account? Thoughts

Thread: Deleting the admin account? Thoughts

  1. #1

    Deleting the admin account? Thoughts

    I've seen various posts and times about people recommending the deletion of (or changing the name of) the Administrator account to give crackers and hackers a harder time at system penetration through the login. However, I would like to discuss this much further. I can see how changing the default Administrator may buy you time while they search for the admin's new login name, but what I also understand is that the deletion or change of the administrator account can have negative impacts upon the system. I see it as an "unknown" variable, in which you won't ever really know if functionality is limited behind the scenes on certain programs, because they require a check for the term Administrator on the login.

    Recovery console (on XP based systems) will prove to be incapable of functioning because it requires the "Administrator". Without it, you can't repair disk sectors, master boot records, drive functionality, and so forth and so forth. You cripple one of the strongest recovery tools in the XP distro.

    This applies to certain other versions of Windows as well as some programs running on them. So, while it may buy you a few days for them to discover the newer login name, is it worth the risk of breaking compatibility with software, recovery methods, and general "I don't know for fact or certainty that nothing unexpected will happen on my system due to the name change of a primary OS login, so it's safer to not do it"?

    Thoughts?

  2. #2
    Elite Hacker
    Join Date
    Mar 2003
    Posts
    1,407
    I generally just set a strong password or passphrase on it. I don't know about changing the name but I don't think I would ever delete the account. I'm sure changing the name has the same effect though. On the other hand, I've experienced on Windows that if you try and change a username, it makes almost an alias and keeps the other user stuff. So you can still log in with both. That was for my account, but I don't know if it also holds true for the admin account. If that's the case, changing the name gets you nothing. So I guess if it's up to me just throw a strong passphrase on the admin account and pray. Really they should never get to where they have the opportunity to input a username and password.

  3. #3
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    AFAIK, you can't delete the administrator account anyways and even with a rename (simply security through obscurity), it can be found. Tools like SID2USER and USER2SID (I think that's what they are called) can help with this.

    That said, I don't think it can be done since there are so many tasks that require admin specifically (GID 500 that is). It'd be like deleting root on a *nix box. I can't imagine that one would be able to do it since even booting requires root.

  4. #4
    MsMittens: Ah, just noticed that. Looked into it a bit more and it turns out they can only be renamed, but not deleted. This does change things since it may in fact keep the term Administrator but not the login, as h3r3tic pointed out. So.. now brings the question:

    Are there any side effects to renaming the administrator account to something else? Does recovery still work? Any program incompatibilities? I'd love to test, but I've got far too much number crunching on this computer right now.

    Really they should never get to where they have the opportunity to input a username and password.
    No, I agree. But we aren't talking about local or remote security overall, just this theory.

  5. #5
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    AFAIK, there are no side effects since I would think most programs look for the SID/GID information if they need something to run. I know (as I've seen this) if the SID/GID gets corrupted for whatever reason, you are screwed (read: rebuild yer box). That would lead me to believe that a rename is no different than just changing root to toor.

    At least with the programs I've used I never had problems. Doesn't mean that someone didn't write a program that looks specifically for the name Administrator.

  6. #6
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,324

    Re: Deleting the admin account? Thoughts

    Originally posted here by pooh sun tzu

    System restore from the console (on XP based systems) will prove to be incapable of functioning because it requires the "Administrator". Without it, you can't repair disk sectors, master boot records, drive functionality, and so forth and so forth. You cripple one of the strongest recovery tools in the XP distro.
    Thoughts?
    I ran into this a while ago and while trying different things put in a 2k disc.
    (This was way before the "vulnerability" for this was released... I posted on it...)

    You can use the 2K recovery console...
    It bypasses the registry and authentication and gives you full access to the filesystem.

    I regularly rename or disable the admin account. If I need that account... I can reinstall or reimage the machine. There is no need for the local admin account when your domain admin account will do the same thing... (well.. unless you're on a different IP scheme...) but there are still solutions for that. Put in a router and "fake" your WAN to the authentication servers...

    I don't rename or disable it on home machines though... just on work machines.

    If a home box gets compromised... big deal (IMO). That's a lot easier to deal with.

    And MSM is right... it doesn't even matter if you do rename the admin account... it can be found out pretty easily.

  7. #7
    They call me the Hunted foxyloxley's Avatar
    Join Date
    Nov 2003
    Location
    3rd Rock from Sun
    Posts
    2,528
    I'd like to know if you DO change the Admin account name, would you be able to change it BACK to 'administrator' as and when required?

    I've read about changing names etc, but I've never really grasped whether you were supposed to change and leave it, or change it back ...............

  8. #8
    Member
    Join Date
    Dec 2003
    Posts
    97
    As you can change the admin account through setting security policy (or domain-based group policy), it's straightforward to rename the account without any ill-effects, and change the name later.

    The only problems I've seen are related to older applications that rely on the currently logged in user being "Administrator" before they'll install...but that's rare.

  9. #9
    Senior Member
    Join Date
    Mar 2004
    Location
    Colorado
    Posts
    421
    I think it's a good idea to rename the administrator account. The SID does not change so
    recovery console and tools still work. You are prompted for the administrator password only
    and the renamed account password will still work.

    I change the account not to create road-blocks for human crackers as much as for
    the many worms running around that attempt to brute-force accounts named administrator.

    I have never seen any loss of functionality due to renaming the original administrator account.

    The word administrator is simply an easy to remember name like a DNS name masking the actual
    account identification information.

    Are you sure that system restore is not meaning administrator in the logical sense as
    the recovery console does? I disable restore and have not used it.

    Although I'm sure it's been done, any software needing the account "administrator" to function
    would be poorly written and not worth using IMO.

    The notion of buying time can have limited value.

    I believe that risk management does allow for "unknown" variables as I don't think it possible
    to be certain that all is known. The line must be drawn somewhere and I suppose where each of us draws that line would be debated to no end..??

  10. #10
    Are you sure that system restore is not meaning administrator in the logical sense as
    the recovery console does?
    My mistake, I meant recovery console, not system recovery. Changed it in the parent post. Thanks!
