Educause Security Discussion mailing list archives
Re: Reviewing Security Policy
From: "Sabo, Eric" <Eric.Sabo () CUP EDU>
Date: Thu, 6 Mar 2008 11:16:20 -0500
That article was great! Thanks! If you do any of these settings via group policy and the machine is removed from the domain, does it automatically give you access to the local administrator account once again? Would that be on the first boot?

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Jenkins, Matthew
Sent: Thursday, March 06, 2008 11:01 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Reviewing Security Policy

Here is a good article:
http://www.windowsecurity.com/articles/Protecting-Administrator-Account.html

I agree with Lee. I would disable and/or rename the administrator account via GPO, and create local administrator accounts with hard-to-guess names and very complex passwords that are different for each server. The complex passwords also get your server administrators out of the habit of logging in to the local accounts. All default administrator accounts use the same SID so it is easy for an attacker to find the default administrator account, even if it is renamed.

You need some sort of backdoor account in case the system loses domain access. We have had instances in the past where network reasons prevent servers from communicating to the DCs, and the only way to resolve it is to log in with local administrative privileges.

Matt

Matthew Jenkins
Network/Server Administrator
Fairmont State University
Visit us online at www.fairmontstate.edu

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Sabo, Eric
Sent: Thursday, March 06, 2008 10:50 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Reviewing Security Policy

Both of these methods are on servers. Do you use group policy to do the rename? What about desktops?

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Lee Weers
Sent: Thursday, March 06, 2008 10:47 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Reviewing Security Policy

On the systems I manage I rename the local admin account to something other than Administrator, root, or admin. On the servers each local admin account is different for each server. At another job we disabled the local admin account and created an account named Backdoor that had local admin privileges.

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Sabo, Eric
Sent: Thursday, March 06, 2008 9:31 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Reviewing Security Policy

We are reviewing our current security policy for our Microsoft products. We use MBSA all the time but we were wondering if there are any better free tools out there to seek out vulnerabilities in Microsoft products.

How does everyone handle their local admin accounts for their Windows desktop? We are thinking about disabling the local administrator account via group policy, has anyone ever attempted to do this? Are there any other methods we could use?

Thanks in advance,
Eric Sabo
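
Added example, not part of the original thread: a PowerShell audit for the approach discussed above (rename or disable the built-in Administrator, keep a separate local admin account per machine). The built-in account's SID always ends in relative identifier 500, so the script locates it by SID rather than by name. The function name Get-LocalAdminAudit is hypothetical, and the Renamed column assumes an English-language default name of "Administrator".

```powershell
# Added example: report every local account that holds administrator rights.
# Requires Windows PowerShell 5.1+ (Microsoft.PowerShell.LocalAccounts module).
# Not for domain controllers, which have no local account database.
function Get-LocalAdminAudit {
    # Built-in Administrator = machine SID + RID 500, whatever it is called now.
    $builtin    = Get-LocalUser | Where-Object { $_.SID.Value -match '^S-1-5-21-.+-500$' }
    $machineSid = $builtin.SID.AccountDomainSid

    # S-1-5-32-544 is the well-known SID of the local Administrators group;
    # using it avoids depending on the localizable group name.
    try {
        $members = @(Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction Stop)
    } catch {
        # Orphaned SIDs in the group are a known cause of failure here.
        Write-Warning "Could not enumerate Administrators: $($_.Exception.Message)"
        $members = @()
    }

    # Local accounts carry this machine's SID prefix; domain accounts do not.
    $memberSids = @($members |
        Where-Object { $_.ObjectClass -eq 'User' -and $_.SID.AccountDomainSid -eq $machineSid } |
        ForEach-Object { $_.SID.Value })

    # Always include the built-in account, even when it is disabled.
    $sids = (@($builtin.SID.Value) + $memberSids) | Select-Object -Unique

    foreach ($sid in $sids) {
        $user      = Get-LocalUser -SID $sid
        $isBuiltIn = ($sid -eq $builtin.SID.Value)
        [pscustomobject]@{
            Computer        = $env:COMPUTERNAME
            Account         = $user.Name
            BuiltInRid500   = $isBuiltIn
            # Assumption: the default name is the English "Administrator".
            Renamed         = if ($isBuiltIn) { $user.Name -ne 'Administrator' } else { $null }
            Enabled         = $user.Enabled
            PasswordLastSet = $user.PasswordLastSet
        }
    }
}

Get-LocalAdminAudit | Format-Table -AutoSize
```

Collecting this output from each machine shows where the built-in account is still enabled under its default name, and whether each server has its own separate local admin account.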