Renaming the Administrator (Owner) Account
Renaming the Administrator account is often held up as a panacea for dealing with crackers. It is not! Crackers can use the SID to find the name of the account and hack that instead, since the "real" Administrator account always has the easily identifiable 500 identifier in its SID. However, it will make it more difficult and if you have followed our other advice to create a next-to-impossible-to-crack "real" Administrator password and you never use that account,
This is how you do it!
This is only valid for Windows XP Professional: VERY IMPORTANT - DO THIS STRAIGHT AWAY!
Where?
Administrative Tools | Computer Management | Local Users and Groups | Users folder --> Right-click "Administrator" and select "Rename." Do NOT disable this account. You may need it someday, but definitely disable the Guest account!
This is only valid for Windows XP Home: VERY IMPORTANT - DO THIS STRAIGHT AWAY!
Everyone on XP Home, by default, has Administrator privileges and the User name is "Owner."
If one person knows that then so does everyone else on the planet!
Change the name and password of your account.
How?
Start | Control Panel | User Accounts | Choose "Owner" | Select "Change my name."
Also, you should (MUST) place a password on your account.
How?
Start | Control Panel | User Accounts | Choose "Owner" (or whatever account you named it above) --> Select "Create a password."
That's it
Renaming the Administrator account will usually stop script kiddies in their tracks and will annoy more determined crackers. When they first try to gain access, and assuming you have reasonable security, crackers will not know what the inherited or group permissions are for an account. They will try to hack any local account and then discover more information using that account. If you rename the account, do not use the word "Admin" in its name, since that will make it too easy again. Pick something unusual that doesn't sound important.
Unlike other accounts, the Administrator user account cannot be locked out unless you use passprop.exe, as we detail in the relevant section. Typically, this means that people can try as many times as they like to crack this account. To make this more difficult, rename your administrative account to something else. Give it an innocuous name, change the account description to "User account," and enter a very long password (50+ up to 104 characters) that is as difficult to guess as possible. Write the password down on a piece of paper and keep it somewhere safe. In most cases you will not need this again.
Never share this password with others and do not leave the paper anywhere where others might see it. Use the default Administrator account, which in Windows XP does not lock after excessive bad logon attempts, only for emergency access. Create an Administrator account that you use for installing programs (make sure you have a logon name that doesn't give away its purpose) and follow the advice on strong passwords in the section on passwords. Do not use any administrator account for everyday logon access; make sure you create a normal user account for working. Preferably only use your newly created administrator account when offline.
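One way to check a machine against the advice above, as an added example that is not part of the original article. It shows why a rename alone does not hide the account: the check keys on the 500 identifier at the end of the SID, not on the name. The function name Test-LocalAccountHardening and the sample accounts are hypothetical; it assumes Windows PowerShell and the Win32_UserAccount WMI class.

```powershell
# Added example: audit local accounts against the advice in this article.
# Input objects need Name, SID, Disabled and PasswordRequired properties,
# which is what the Win32_UserAccount WMI class provides.
function Test-LocalAccountHardening {
    param([object[]]$Accounts)
    foreach ($a in $Accounts) {
        # Last SID component is the RID: 500 = built-in Administrator, 501 = Guest.
        # A rename changes Name only; the RID stays the same.
        $rid = [int64](($a.SID -split '-')[-1])
        $findings = @()
        if ($rid -eq 500) {
            if ($a.Name -eq 'Administrator') { $findings += 'built-in Administrator not renamed' }
            elseif ($a.Name -match 'admin')  { $findings += 'new name still contains "admin"' }
            if ($a.Disabled) { $findings += 'disabled, but the article says to keep it for emergencies' }
        }
        if ($rid -eq 501 -and -not $a.Disabled) { $findings += 'Guest account is enabled' }
        if ($a.Name -eq 'Owner') { $findings += 'XP Home default name "Owner" still in use' }
        if (-not $a.Disabled -and -not $a.PasswordRequired) { $findings += 'no password required' }
        $summary = 'ok'
        if ($findings.Count -gt 0) { $summary = $findings -join '; ' }
        New-Object PSObject -Property @{ Name = $a.Name; RID = $rid; Findings = $summary }
    }
}

# Constructed sample rows (not from a real machine; the SID prefix is made up).
$prefix = 'S-1-5-21-1111111111-2222222222-3333333333'
$sample = @(
    New-Object PSObject -Property @{ Name = 'Administrator'; SID = "${prefix}-500";  Disabled = $false; PasswordRequired = $true }
    New-Object PSObject -Property @{ Name = 'Guest';         SID = "${prefix}-501";  Disabled = $false; PasswordRequired = $false }
    New-Object PSObject -Property @{ Name = 'Owner';         SID = "${prefix}-1003"; Disabled = $false; PasswordRequired = $false }
    New-Object PSObject -Property @{ Name = 'jsmith';        SID = "${prefix}-1004"; Disabled = $false; PasswordRequired = $true }
)
Test-LocalAccountHardening $sample | Format-Table Name, RID, Findings -AutoSize

# On a real system, audit the live local accounts instead (Windows PowerShell):
#   Test-LocalAccountHardening (Get-WmiObject Win32_UserAccount -Filter "LocalAccount=True")
```

A PasswordRequired value of false means the account is allowed to have a blank password, not that it currently has one, so treat that finding as a prompt to set a password as described above.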
Another alternative is that instead of operating with an Administrative account at all times, Windows XP allows you to use a normal account for your day-to-day activities (mail, memos, etc.), but perform administrative tasks by using RUNAS functionality.
This will allow you to run applications and utilities that require administrative rights without having to log off and log back on (as you would have with previous versions of Windows NT). Thus, if your normal account is hacked, the intruder is still not capable of fully controlling your system. This is explained below:
RUNAS [/profile] [/env] [/netonly] /user:<UserName> program
An example may then be bringing up a command shell as administrator. You would type the following command.
runas /user:mymachine\administrator cmd
You will then be prompted for the administrator password.
You can run any program in this manner just by going to Start, Run and then typing the command. The program will run in the administrator context with those privileges.