Windows 2000 user accounts

Archived from groups: 24hoursupport.helpdesk,microsoft.public.security,microsoft.public.win2000.security,uk.comp.security (More info?)

Looking for some info/advice please ...

* Fresh install of Win2000 completed (Administrator account setup
automatically by Windows).
* Renamed Administrator account from "Administrator" to something else.
Someone once advised me to do this but didn't explain why.
* Created two Power User accounts for general day to day use. Both used to
connect to the internet.

Questions:

1) Why is it a good idea to rename the Adminstrator account?
2) Why is it not a good idea to connect to the internet using the
"Administrator" account?
3) Would it be OK to connect to the Internet using the renamed account that
has administrator rights?

Many thanks,

NP.
2 answers Last reply
More about windows 2000 user accounts
  1. Archived from groups: 24hoursupport.helpdesk,microsoft.public.security,microsoft.public.win2000.security,uk.comp.security (More info?)

    The reason behind renaming the administrator account is because it is the
    top target for hackers/attackers since it is a well known name, an all
    powerful account, and can not be locked out. That risk is lower on a home
    type network behind a firewall for direct hack attempts. Renaming the
    administrator account, while advised, is not always effective since the
    built in administrator account has a well know SID which is the number the
    operating system assigns to users and groups. We see the name but the
    operating system uses the SID for rights and access control lists.

    The reason that it is a good idea to not use the administrator account
    unless you need it's extra rights is because many [not all] malwares use the
    rights of the logged on user to do their thing and many can not if you are
    not logged on as administrator. Such malwares may be worms/trojans/viruses
    that can be unleashed by opening email attachments, downloading and opening
    files that contain malware, and selecting "yes" when prompted by a website
    without reading the fine print to install something. Many malwares depend on
    discovered operating system vulnerabilities and can harm a computer no
    matter who is logged on. Blaster is such an example and it why it is so
    important to keep your computer current with critical updates from Windows
    Updates which can be done automatically. Some malwares also do a short
    attack on the built in administrator account which can be thwarted by using
    complex passwords and renaming it . You can connect to the internet with an
    account in the administrators group but it will not defend from instances of
    opening infected files/attachments or answering yes when you should have
    answered no. Using the recommended minimum IE security settings in the link
    below can help prevent some of that along with running an antivirus program
    such as Norton that can monitor the computer for malicious activity such as
    scripts being run and warn you and ask you if you want to run the script or
    not AND scans all your emails and downloads. The last link is the bare
    minimum security steps that all users should be using. --- Steve

    http://mvps.org/winhelp2002/unwanted.htm
    http://www.microsoft.com/athome/security/protect/default.aspx -- Microsoft
    Protect Your PC link


    "NP" <-@-.com> wrote in message
    news:41724c40$0$22878$cc9e4d1f@news-text.dial.pipex.com...
    > Looking for some info/advice please ...
    >
    > * Fresh install of Win2000 completed (Administrator account setup
    > automatically by Windows).
    > * Renamed Administrator account from "Administrator" to something else.
    > Someone once advised me to do this but didn't explain why.
    > * Created two Power User accounts for general day to day use. Both used to
    > connect to the internet.
    >
    > Questions:
    >
    > 1) Why is it a good idea to rename the Adminstrator account?
    > 2) Why is it not a good idea to connect to the internet using the
    > "Administrator" account?
    > 3) Would it be OK to connect to the Internet using the renamed account
    > that
    > has administrator rights?
    >
    > Many thanks,
    >
    > NP.
    >
    >
  2. Archived from groups: microsoft.public.security,microsoft.public.win2000.security (More info?)

    Hi,

    1) Administrator account is the one that "bad" guys want to get. This is the
    account that never locks out and is usually always active in Windows
    environment (I windows 2000 you can't even disable it). So now I now the
    account name (administrator) all I have to do is figure out the password and
    usually what will help me here is some commonly used passwords. There are
    pretty good dictionaries out there that will run one word after another till
    they find the password (if it is not complex enough). Since administrator
    account never locks out I should be able to get this password pretty fast...
    Now if you rename the account I can't perform this kind of attack since the
    account does not exist. In my practice I go usually one step further and
    after I rename "Administrator" account to "Joe" or "Ben" or ... I create new
    account with username Administrator. This account does not hold the
    administrator privileges and can be locked out. Now all I have to do is
    disable the account and monitor for attempted use of this account to figure
    out if someone is trying to "hack" me...

    2) Administrator is a very powerful account. It has permissions to install
    the software and if this is domain account it has permissions to access
    other computers on the network. If I logon with administrator account (or
    even any other account that has administrative or similar privileges) and
    download malicious peace of software or open malicious e-mail it will first
    install the malicious code on my computer then spread it all over the
    network with my administrator privileges... Don't just rely on your
    antivirus with this. This code can be quite simple and overlooked by
    antivirus (e.g. simple vbs script that will erase part of the disks, ...)...
    This is why usually users in domain will only have ordinary user permissions
    on their computer. Even if they receive some malicious code they will not be
    allowed to execute it.
    Personally I always use ordinary user account for my day-to-day tasks
    (writing e-mails, documents etc...). If I need to run the program as e.g.
    domain administrator I will usually use "Run As" command to execute the
    program like "Active Directory Users and Computer" or other programs that
    might need administrator privileges...

    3) If you check my answer under #2 you will see that rename account will not
    help you out in this case. It still has administrator privileges that will
    execute any even malicious code.

    I hope this helps,

    Mike

    "NP" <-@-.com> wrote in message
    news:41724c40$0$22878$cc9e4d1f@news-text.dial.pipex.com...
    > Looking for some info/advice please ...
    >
    > * Fresh install of Win2000 completed (Administrator account setup
    > automatically by Windows).
    > * Renamed Administrator account from "Administrator" to something else.
    > Someone once advised me to do this but didn't explain why.
    > * Created two Power User accounts for general day to day use. Both used to
    > connect to the internet.
    >
    > Questions:
    >
    > 1) Why is it a good idea to rename the Adminstrator account?
    > 2) Why is it not a good idea to connect to the internet using the
    > "Administrator" account?
    > 3) Would it be OK to connect to the Internet using the renamed account
    that
    > has administrator rights?
    >
    > Many thanks,
    >
    > NP.
    >
    >
Ask a new question

Read More

Security Windows 2000 Connection User Accounts Microsoft Windows