Sign in with
Sign up | Sign in
Your question

Rename administrator account policy affects domain admin u..

Last response: in Windows 2000/NT
Share
Anonymous
June 15, 2004 11:52:48 AM

Archived from groups: microsoft.public.win2000.group_policy (More info?)

I've had this annoying problem forever on Windows 2000 GPOs and am
wondering if there is a solution.

I have created a GPO that renames the local administrator account on all of
our workstations using the "Rename Administrator Account" under Local
Policies -> Security Option. I apply this at the domain level.

The problem is the GPO also affects the pre-Windows 2000 logon name for the
domain administrator account. This causes no end of troubles since that is
the account name used by some service accounts.

First of all, why is this GPO for renaming a LOCAL administrator account
affecting the domain administrator account and second, how do I stop this
from happening?

Any ideas?
Anonymous
June 16, 2004 5:35:03 AM

Archived from groups: microsoft.public.win2000.group_policy (More info?)

You need to disable this policy on the default Domain Controller policy. The
lower level policy still applies if other policies are set to not defined.
As for why a Domain Administrator account is a local account for a DC.
"Jay Scovill" <jscovill@nospam.accubid.com> wrote in message
news:Xns95096EAD4A00Fjscovillaccubidcom@207.46.248.16...
> I've had this annoying problem forever on Windows 2000 GPOs and am
> wondering if there is a solution.
>
> I have created a GPO that renames the local administrator account on all
of
> our workstations using the "Rename Administrator Account" under Local
> Policies -> Security Option. I apply this at the domain level.
>
> The problem is the GPO also affects the pre-Windows 2000 logon name for
the
> domain administrator account. This causes no end of troubles since that
is
> the account name used by some service accounts.
>
> First of all, why is this GPO for renaming a LOCAL administrator account
> affecting the domain administrator account and second, how do I stop this
> from happening?
>
> Any ideas?
Anonymous
June 16, 2004 1:26:55 PM

Archived from groups: microsoft.public.win2000.group_policy (More info?)

Two things:

First, I can't disable the policy in the Default Domain Controller GPO.
It's either Not Defined or I have to define the name I want the
administrator user account renamed to. I suppose I could just define it as
the name I want it to be. But see the second point.

Second, I have turned off inheritence to the Domain Controllers OU so that
domain policy that renames the admin user account isn't even being applied
to the Default Domain Controller OU yet it is still affecting the domain
administrator account.









"Richard McCall [MSFT]" <richmcc@online.microsoft.com> wrote in
news:uigxOQxUEHA.2816@TK2MSFTNGP11.phx.gbl:

> You need to disable this policy on the default Domain Controller
> policy. The lower level policy still applies if other policies are
> set to not defined. As for why a Domain Administrator account is a
> local account for a DC. "Jay Scovill" <jscovill@nospam.accubid.com>
> wrote in message
> news:Xns95096EAD4A00Fjscovillaccubidcom@207.46.248.16...
>> I've had this annoying problem forever on Windows 2000 GPOs and am
>> wondering if there is a solution.
>>
>> I have created a GPO that renames the local administrator account on
>> all
> of
>> our workstations using the "Rename Administrator Account" under Local
>> Policies -> Security Option. I apply this at the domain level.
>>
>> The problem is the GPO also affects the pre-Windows 2000 logon name
>> for
> the
>> domain administrator account. This causes no end of troubles since
>> that
> is
>> the account name used by some service accounts.
>>
>> First of all, why is this GPO for renaming a LOCAL administrator
>> account affecting the domain administrator account and second, how do
>> I stop this from happening?
>>
>> Any ideas?
>
>
>
!