Renaming Administrator Account Not An Effective Security Technique

Many security-conscious admins rename the administrator account on their Windows server to hide it from prying eyes. What they do not realize is that changing the administrator name does not change the account's Security Identifier (SID). The SID is a unique number given to objects in a Windows environment. Windows permissions are based on Access Control Lists (ACLs) that use the SID, not the name, to identify the actual user.

Renaming the Administrator account does not change the account SID. The administrator SID always ends with 500, and the Guest account SID ends with 501. Any created user accounts have SIDs that end with numbers starting at 1000 and incrementing as each user is added.

Utilities exist that display the SID, even on a remote computer. So the administrator account, even when renamed, will be easily identifiable. Also, the actual user names can often be decoded remotely from their SIDs.

Some techniques to defend against this include not using the Administrator account or giving it a complex password. Some admins give the administrator account a very long password, then remove the rights from the account. This way a novice hacker may spend a long time trying to hack the account, only to find out that its privileges have been removed.
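To check your own server the way the SID numbering above implies, the following added example (not part of the original post) reports local accounts by the last number of the SID instead of by name, and flags the account ending in 500 if it has been renamed or is still enabled. The function name `Get-AccountRidReport` is hypothetical and the sample accounts and SIDs are constructed; on a Windows host, calling it without arguments reads the real accounts through `Get-LocalUser`.

```powershell
# Added example: classify accounts by the trailing SID number (RID), not by name.
function Get-AccountRidReport {
    param(
        # Objects exposing Name, SID and Enabled; defaults to the local accounts.
        [object[]]$Account = (Get-LocalUser)
    )
    foreach ($a in $Account) {
        $sid = "$($a.SID)"
        # Account SIDs have the form S-1-5-21-<x>-<y>-<z>-<RID>.
        if ($sid -match '^S-1-5-21(?:-\d+){3}-(?<rid>\d+)$') {
            $rid = [uint32]$Matches['rid']
        } else {
            continue   # other SID forms are outside the scope of this check
        }
        $role = switch ($rid) {
            500             { 'Built-in Administrator' }
            501             { 'Built-in Guest' }
            { $_ -ge 1000 } { 'Created account' }
            default         { 'Other built-in' }
        }
        $finding = ''
        if ($rid -eq 500) {
            if ($a.Name -ne 'Administrator') {
                $finding = 'Renamed, but still identifiable by SID ending in 500. '
            }
            if ($a.Enabled) {
                $finding += 'Enabled: keep it unused and give it a long password.'
            }
        }
        [pscustomobject]@{
            Name    = $a.Name
            RID     = $rid
            Role    = $role
            Enabled = $a.Enabled
            Finding = $finding.Trim()
        }
    }
}

# Constructed sample input (not real accounts); the first entry is a renamed Administrator.
$sample = @(
    [pscustomobject]@{ Name = 'jsmith_ops'; SID = 'S-1-5-21-1111111111-2222222222-3333333333-500';  Enabled = $true  }
    [pscustomobject]@{ Name = 'Guest';      SID = 'S-1-5-21-1111111111-2222222222-3333333333-501';  Enabled = $false }
    [pscustomobject]@{ Name = 'alice';      SID = 'S-1-5-21-1111111111-2222222222-3333333333-1001'; Enabled = $true  }
)
Get-AccountRidReport -Account $sample | Format-Table -AutoSize -Wrap
```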

~ by D. Dieterle on March 15, 2010.
