11.3. Renaming the Administrator and Guest Accounts

Problem

You want to rename the administrator and guest accounts on your servers. This is a good practice because these two default accounts are often the target of attackers.

Solution

Using a graphical user interface

To rename a domain administrator or guest account, do the following:

  1. From Administrative Tools, open the Active Directory Users and Computers snap-in.

  2. In the left pane, browse to the Users container and click on it.

  3. In the right pane, right-click the administrator or guest account and select Rename.

  4. Type the new name for the account and hit Enter.

To rename a local administrator or guest account, do the following:

  1. From Administrative Tools, open the Computer Management snap-in.

  2. In the left pane, expand System Tools Local Users and Groups Users.

  3. In the right pane, right-click on either the Administrator or Guest account and select Rename.

  4. Type the new name for the account and press Enter.

Using a graphical user interface

To rename a domain administrator account, use the dsmove.exe command (available on Windows Server 2003). The following shows the basic syntax:

> dsmove "cn=administrator,cn=users,<DomainDN>" -newname "<NewName>"

For example:

> dsmove "cn=administrator,cn=users,dc=rallencorp,dc=com" -newname "admn"

And this shows how to rename the domain guest account:

> dsmove "cn=guest,cn=users,dc=rallencorp,dc=com" -newname "noguest"

To rename local accounts, use the cusrmgr.exe utility from the Windows 2000 Resource Kit: ...

Get Windows Server Cookbook now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.