

The value of this countermeasure is lessened because this account has a well-known SID, and there are non-Microsoft tools that allow authentication by using the SID rather than the account name.

This capability makes the administrator account a popular target for brute-force attacks that attempt to guess passwords. The built-in administrator account can't be locked out, regardless of how many times an attacker might use a bad password. If a device is upgraded from a previous version of Windows, the account with the name administrator is retained with all the rights and privileges that were defined for the account in the previous installation. Beginning with Windows Vista, the person who installs the operating system specifies an account that is the first member of the Administrator group and has full rights to configure the computer so this countermeasure is applied by default on new installations. If you rename this account, it's slightly more difficult for unauthorized persons to guess this privileged user name and password combination. The Administrator account exists on all versions Windows 10 for desktop editions. This section describes how an attacker might exploit a feature or its configuration, how to implement the countermeasure, and the possible negative consequences of countermeasure implementation. If this policy isn't contained in a distributed GPO, this policy can be configured on the local device by using the Local Security Policy snap-in. This policy setting can be configured by using the Group Policy Management Console (GPMC) to be distributed through Group Policy Objects (GPOs). Changes to this policy become effective without a computer restart when they're saved locally or distributed through Group Policy. This section describes features and tools that are available to help you manage this policy. Server type or GPOĬlient Computer Effective Default Settings Default values are also listed on the policy’s property page. The following table lists the actual and effective default values for this policy. Be sure to inform users who are authorized to use this account of the new account name.Ĭomputer Configuration\Windows Settings\Security Settings\Local Policies\Security Options Default values.Rename the Administrator account by specifying a value for the Accounts: Rename administrator account policy setting. The Accounts: Rename administrator account policy setting determines whether a different account name is associated with the security identifier (SID) for the administrator account.īecause the administrator account exists on all Windows 10 for desktop editions (Home, Pro, Enterprise, and Education), renaming the account makes it slightly more difficult for attackers to guess this user name and password combination. This security policy reference topic for the IT professional describes the best practices, location, values, and security considerations for this policy setting.
