The Danger of the Local Administrator Account

The local Administrator account exists on every Windows Server and is usually enabled. It is a significant security weakness and a common target of attacks.

Security flaws with this account include:
  • This account cannot be locked out and does not adhere to local or domain account lockout password policies. This allows brute-force attacks to be conducted against the account.
  • The local Administrator account has a well-known SID: it always begins with S-1-5- and ends with -500. There are also tools that allow logging in with a SID rather than an account name, so an attacker could launch a brute-force attack without knowing the account name, even if it has been renamed.

Quote from Microsoft (https://technet.microsoft.com/en-us/library/jj852165.aspx):

"The built-in Administrator account cannot be locked out no matter how many failed logons it accrues, which makes it a prime target for brute-force attacks that attempt to guess passwords. Also, this account has a well-known security identifier (SID), and there are non-Microsoft tools that allow authentication by using the SID rather than the account name. Therefore, even if you rename the Administrator account, an attacker could launch a brute-force attack by using the SID to log on. All other accounts that are members of the Administrator's group have the safeguard of locking out the account if the number of failed logons exceeds its configured maximum."

If security is your top concern, my recommendation is to disable this account and always create a new Administrator account, regardless of whether it is the default domain Administrator account or the default local Administrator account.
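The checks and the recommendation above, as an added PowerShell example that is not from the original post. It locates the built-in account by its RID-500 SID (so a rename does not hide it), creates a replacement administrator that is subject to normal lockout policy, and only then disables the built-in account. It assumes an elevated session on Windows Server 2016 or later (the Microsoft.PowerShell.LocalAccounts module); the replacement account name `SrvAdmin01` is a placeholder, and the commented domain section assumes the ActiveDirectory RSAT module.

```powershell
# Added example, not from the original post: audit and remediate the built-in
# Administrator account by its well-known RID 500 rather than by name.
# Assumes an elevated session on Windows Server 2016+ / Windows PowerShell 5.1+
# (Microsoft.PowerShell.LocalAccounts). Account name below is a placeholder.

$ReplacementAdmin = 'SrvAdmin01'   # placeholder; choose your own name

# 1. Find the built-in account regardless of what it has been renamed to:
#    the SID of the built-in Administrator always ends in -500.
$builtin = Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-500' }

if (-not $builtin) {
    throw 'No RID-500 local account found (on a domain controller use the AD section below).'
}

"Built-in administrator is named '{0}', Enabled = {1}, PasswordLastSet = {2}" -f $builtin.Name, $builtin.Enabled, $builtin.PasswordLastSet

# 2. Create a replacement administrator (an ordinary SID, so account lockout
#    policy applies to it) if it does not already exist, and add it to the
#    local Administrators group.
if (-not (Get-LocalUser -Name $ReplacementAdmin -ErrorAction SilentlyContinue)) {
    $pw = Read-Host -Prompt "Password for $ReplacementAdmin" -AsSecureString
    New-LocalUser -Name $ReplacementAdmin -Password $pw -Description 'Replacement local admin' | Out-Null
    Add-LocalGroupMember -Group 'Administrators' -Member $ReplacementAdmin
}

# 3. Disable the built-in account only once another member of Administrators
#    exists, so the server is never left without a usable local admin.
$otherAdmins = Get-LocalGroupMember -Group 'Administrators' |
    Where-Object { $_.SID.Value -ne $builtin.SID.Value }

if ($otherAdmins -and $builtin.Enabled) {
    Disable-LocalUser -SID $builtin.SID
    "Disabled built-in account '{0}'" -f $builtin.Name
} elseif (-not $otherAdmins) {
    Write-Warning 'No other administrator present; built-in account left enabled.'
}

# 4. Domain equivalent: the domain Administrator also carries RID 500 on the
#    domain SID. Requires the ActiveDirectory module; uncomment to use.
# Import-Module ActiveDirectory
# $domAdmin = Get-ADUser -Filter * | Where-Object { $_.SID.Value -like '*-500' }
# "Domain built-in administrator: {0}, Enabled = {1}" -f $domAdmin.SamAccountName, $domAdmin.Enabled
# Disable-ADAccount -Identity $domAdmin
```

Matching on the trailing `-500` is the same property the quoted Microsoft text describes from the attacker's side; here it is used to audit the account and confirm it is disabled after remediation, so periodic re-runs of step 1 will also catch an administrator who quietly re-enables it.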
