How to Rename Administrator Account using GPO

In this article, I will show you how to rename the administrator account using GPO (Group Policy). We will create a GPO and link it to an OU so that it renames the local administrator account on domain-joined computers.

When you install any Windows operating system, the default administrator account is disabled. You should never log on with the built-in administrator account. You must use your own administrative account instead. You can enable the administrator account using multiple methods, but it’s not recommended unless you really need to access this account.

Renaming the administrator account will reduce the chance of brute-force attacks, enhancing security in your Active Directory network. Group Policy makes it simple to rename the administrator account on all PCs in your AD domain.


Why should you rename the Local Administrator Account?




The administrator account exists on all Windows 10 and Windows 11 desktop editions (Home, Pro, Enterprise, and Education). Administrator accounts have privileged access to systems. As a recommended security practice, renaming the account makes it slightly more difficult for attackers to guess this username and password combination.


Steps to Rename Administrator Account using GPO


Let’s look at the steps to rename the administrator account using Group Policy. First, launch the Group Policy Management console on the server. If you are a domain administrator, you can log in to either the domain controller or to a member server with GPMC installed.


There are two important points that I would like to highlight here:


  1. You should not edit the default domain policy in this case, as the settings will apply to the entire AD domain.
  2. The best practice that is followed in many organizations is creating a new GPO and then applying it to a selected OU.


In the Group Policy Management console, expand your domain and navigate to Group Policy Objects. We will first create a new GPO that will rename the built-in administrator account, and then link this GPO to an OU. Right-click Group Policy Objects and select New.

Enter the GPO name as “Rename Local Administrator” and click OK.

You should find the newly created GPO under Group Policy Objects. Right-click the Rename Local Administrator GPO and select Edit.

In the Group Policy Management Editor, navigate to Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options. In the right pane, look for the policy Accounts: Rename administrator account. Right-click this policy setting and select Properties.

Accounts: Rename administrator account: This security setting determines whether a different account name is associated with the security identifier (SID) for the account Administrator. The BUILTIN\Administrator account always has a relative identifier (RID) of 500. Renaming the well-known Administrator account makes it slightly more difficult for unauthorized persons to guess this privileged username and password combination.

On the Accounts: Rename administrator account properties window, check the option “Define this policy setting” and enter the local administrator name. Ensure the administrator name doesn’t include any symbols or special characters. Click Apply and OK. Close the Group Policy Management Editor.




Link the Group Policy Object to OU


It is necessary to apply or link the GPO that we created in the previous step to an OU. It’s best to test the policy on a small group of computers before expanding it to a larger group, though you can link it to the entire domain if necessary. Right-click an OU in the Group Policy Management console and select “Link an Existing GPO.”

You must select a GPO to link it to the OU. In this case, select Rename Local Administrator and link it to the OU. Click OK.

The scope of the linked GPO shows that it is applied to Authenticated Users.


Update Group Policy and Verify the GPO on Client Computers


In this step, we will refresh the group policy on computers and verify that the GPO has renamed the administrator account. By default, the Group Policy update interval is 90 minutes for AD domain-joined computers, and you may modify the Group Policy Refresh Interval if required.
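One way to run this check on a client from an elevated PowerShell session is shown below. This is an added example, not part of the original article; the function name `Test-AdminRename` and the value `PlaceholderAdminName` are assumptions, so substitute the name you entered in the policy. Because the built-in account always keeps RID 500, the script finds it by SID rather than by name.

```powershell
# Added example: verify on a domain-joined client that the GPO renamed
# the built-in administrator. Run in an elevated PowerShell 5.1+ session.
# Test-AdminRename and 'PlaceholderAdminName' are hypothetical names.

function Test-AdminRename {
    param(
        [Parameter(Mandatory)] [string] $ExpectedName,
        [string] $GpoName = 'Rename Local Administrator'
    )

    # Refresh computer policy now instead of waiting for the 90-minute interval.
    gpupdate /target:computer /force | Out-Null

    # The built-in administrator keeps RID 500 whatever it is called,
    # so locate it by SID instead of by account name.
    $admin = Get-LocalUser |
        Where-Object { $_.SID.Value -like 'S-1-5-21-*-500' }

    # Look for the GPO name in the computer-scope policy report.
    # This matches the name anywhere in the report, including the list of
    # filtered-out GPOs, so read the full gpresult output if GpoInReport
    # is True but Renamed is False.
    $report = gpresult /scope computer /r
    $gpoInReport = [bool]($report | Select-String -SimpleMatch $GpoName)

    [pscustomobject]@{
        Computer    = $env:COMPUTERNAME
        CurrentName = $admin.Name
        Sid         = $admin.SID.Value
        Enabled     = $admin.Enabled
        GpoInReport = $gpoInReport
        Renamed     = ($admin.Name -eq $ExpectedName)
    }
}

# Replace the placeholder with the name defined in the policy setting.
Test-AdminRename -ExpectedName 'PlaceholderAdminName'
```

The `Sid` column also shows why the rename is only a modest hardening step: the account's SID is unchanged, so anything that resolves accounts by SID still identifies it.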
