Rename administrator account policy affects domain admin u..

Archived from groups: microsoft.public.win2000.group_policy

I've had this annoying problem forever on Windows 2000 GPOs and am
wondering if there is a solution.

I have created a GPO that renames the local administrator account on all of
our workstations using the "Rename Administrator Account" under Local
Policies -> Security Option. I apply this at the domain level.

The problem is the GPO also affects the pre-Windows 2000 logon name for the
domain administrator account. This causes no end of troubles since that is
the account name used by some service accounts.

First of all, why is this GPO for renaming a LOCAL administrator account
affecting the domain administrator account and second, how do I stop this
from happening?

Any ideas?
  1. You need to disable this policy on the default Domain Controller policy. The
    lower level policy still applies if other policies are set to not defined.
    As for why, a Domain Administrator account is a local account for a DC.

    "Jay Scovill" <jscovill@nospam.accubid.com> wrote in message
    news:Xns95096EAD4A00Fjscovillaccubidcom@207.46.248.16...
    > I've had this annoying problem forever on Windows 2000 GPOs and am
    > wondering if there is a solution.
    >
    > I have created a GPO that renames the local administrator account on all of
    > our workstations using the "Rename Administrator Account" under Local
    > Policies -> Security Option. I apply this at the domain level.
    >
    > The problem is the GPO also affects the pre-Windows 2000 logon name for the
    > domain administrator account. This causes no end of troubles since that is
    > the account name used by some service accounts.
    >
    > First of all, why is this GPO for renaming a LOCAL administrator account
    > affecting the domain administrator account and second, how do I stop this
    > from happening?
    >
    > Any ideas?
  2. Two things:

    First, I can't disable the policy in the Default Domain Controller GPO.
    It's either Not Defined or I have to define the name I want the
    administrator user account renamed to. I suppose I could just define it as
    the name I want it to be. But see the second point.

    Second, I have turned off inheritance to the Domain Controllers OU so that
    domain policy that renames the admin user account isn't even being applied
    to the Default Domain Controller OU yet it is still affecting the domain
    administrator account.


    "Richard McCall [MSFT]" <richmcc@online.microsoft.com> wrote in
    news:uigxOQxUEHA.2816@TK2MSFTNGP11.phx.gbl:

    > You need to disable this policy on the default Domain Controller
    > policy. The lower level policy still applies if other policies are
    > set to not defined. As for why, a Domain Administrator account is a
    > local account for a DC.
    >
    > "Jay Scovill" <jscovill@nospam.accubid.com> wrote in message
    > news:Xns95096EAD4A00Fjscovillaccubidcom@207.46.248.16...
    >> I've had this annoying problem forever on Windows 2000 GPOs and am
    >> wondering if there is a solution.
    >>
    >> I have created a GPO that renames the local administrator account on
    >> all of our workstations using the "Rename Administrator Account" under
    >> Local Policies -> Security Option. I apply this at the domain level.
    >>
    >> The problem is the GPO also affects the pre-Windows 2000 logon name
    >> for the domain administrator account. This causes no end of troubles
    >> since that is the account name used by some service accounts.
    >>
    >> First of all, why is this GPO for renaming a LOCAL administrator
    >> account affecting the domain administrator account and second, how do
    >> I stop this from happening?
    >>
    >> Any ideas?
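
Added example, not written by anyone in the thread: one way to check which GPOs define the "Rename administrator account" setting discussed above, by reading each GPO's security template. It assumes the setting is stored as `NewAdministratorName` in the `[System Access]` section of `GptTmpl.inf`; the function name, GPO labels and template contents are constructed for illustration.

```powershell
# Report whether a GPO security template (GptTmpl.inf) defines the
# "Rename administrator account" setting. Function name is hypothetical.
function Get-RenameAdminSetting {
    param([string] $GpoId, [string] $TemplateText)
    $section = ''
    foreach ($raw in $TemplateText -split "`r?`n") {
        $line = $raw.Trim()
        if ($line -eq '' -or $line.StartsWith(';')) { continue }       # blank or comment
        if ($line -match '^\[(.+)\]$') { $section = $Matches[1]; continue }
        # Only a value inside [System Access] counts as the policy setting.
        if ($section -ieq 'System Access' -and
            $line -match '^NewAdministratorName\s*=\s*"?([^"]*)"?\s*$') {
            return [pscustomobject]@{ GpoId = $GpoId; NewName = $Matches[1] }
        }
    }
    return $null    # setting is Not Defined in this template
}

# Constructed sample templates standing in for two GPOs.
$samples = [ordered]@{
    'Domain-level GPO (constructed)' = @'
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordLength = 8
NewAdministratorName = "wsadmin"
[Version]
signature="$CHICAGO$"
'@
    'Domain Controllers GPO (constructed)' = @'
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordLength = 8
[Version]
signature="$CHICAGO$"
'@
}

foreach ($id in $samples.Keys) {
    $hit = Get-RenameAdminSetting -GpoId $id -TemplateText $samples[$id]
    if ($hit) { '{0}: NewAdministratorName = {1}' -f $hit.GpoId, $hit.NewName }
    else      { '{0}: Not Defined' -f $id }
}
# Against a live domain, pass the text (Get-Content -Raw) of
# \\<domain>\SYSVOL\<domain>\Policies\{<GPO GUID>}\Machine\Microsoft\Windows NT\SecEdit\GptTmpl.inf
```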