The Administrator account (NT AUTHORITY\Administrator) exists by default on all Microsoft Windows (Windows NT-based) systems and Active Directory domains. It is typically used as a setup and disaster recovery account.
If you must use the local administrator account, only use it during setup and to join the machine to the domain. After this, it should no longer be needed. If the account is needed for recovery or to boot into safe mode, the account will be automatically re-enabled for use only in troubleshooting. Once the system is booted again normally, it is disabled.
Conversely, you could assign passphrases that are random and unique for each computer’s local administrator account. This would prevent propagation using shared local administrator credentials. However, ideally this account should just be disabled.
In the SECMON1 blog post ‘Security Overview – Information Security Essentials’ , we spoke about what the Local Administrator account is for and why it is an essential security measure to disable it.
In this document, we are going to provide some basic steps to assist in disabling this account, as well as providing you with some interesting and important links where you can educate yourself further on this topic and identify other options available to you.
CLICK HERE TO DOWNLOAD THIS SECMON1 INFORMATION SECURITY ESSENTIALS GUIDE
In an intriguing development, recent trends in Australia's retail sector—namely, a decline in men's underwear…
If you work in the Finance Department of your company your email account might…
Information Theft - What is the Risk? Our research has shown that around 68%…
The Impacts of a Cyber Attack In your personal life and as an employee,…
The Data Governance Watershed "You've been breached!" These are words none of us want to…
CASE STUDY (5 Min read) The following case study details a case where SECMON1 was…