Network Administration: Using the Administrator Account - dummies

Network Administration: Using the Administrator Account

Windows comes with a built-in account named Administrator that has complete access to all the features of the server. As a network administrator, you frequently log on using the Administrator account to perform maintenance chores.

Because the Administrator account is so powerful, you should always enforce good password practices for it. In other words, don’t use your dog’s name as the Administrator account password. Instead, pick a random combination of letters and numbers. Then, change the password periodically.

Write down the Administrator account password and keep it in a secure location. Note that by “secure location,” that is not taped to the front of the monitor. Keep it in a safe place where you can retrieve it if you forget it, but where it won’t easily fall into the hands of someone looking to break into your network.

Note that you cannot delete or disable the Administrator account. If Windows allowed you to do that, you could potentially find yourself locked out of your own system.

As much as possible, you should avoid using the Administrator account. Instead, you should create accounts for each of your system administrators and grant them administrator privileges by assigning their accounts to the Administrators group.

Although you can’t delete or disable the Administrator account, you can rename it. Some network managers use this ability to hide the true Administrator account. To do this, just follow these steps:

  1. Rename the Administrator account.

    Write down the new name you use for the Administrator account, along with the password, and store it in a top-secret secure location.

  2. Create a new account named Administrator and assign it a strong password, but don’t give this account any significant privileges.

    This new account will become a “decoy” Administrator account. The idea is to get hackers to waste time trying to crack this account’s password. Even if a hacker does manage to compromise this account, he won’t be able to do anything when he gets in.