A lot of the time I hear the following statement: 'Renaming the local administrator account makes it secure'.
No, it doesn't. Renaming the local administrator account just leaves you with a renamed local administrator account. It only makes it secure from people who are too dumb to read SIDs, but overall it adds very little in the scheme of security.
In Windows, the local administrator account, no matter what it is named, will always have a SID ending in -500. Guest is -501.
With that information and a couple of tools you can list out the local accounts, find the administrator and attack the account. Of course, if you have physical access to the hard drive and the drive doesn't use any form of encryption, there are plenty of password reset tools out there.
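The point about SIDs, as an added example that is not part of the original post: it decodes binary SIDs and flags the built-in accounts by their -500 / -501 ending, whatever they are currently called. The account names and the machine identifier in the sample data are constructed.

```python
import struct

# RID (final SID component) -> default name of the built-in local account.
BUILTIN_RIDS = {500: "Administrator", 501: "Guest"}

def sid_to_string(raw: bytes) -> str:
    """Decode a binary SID: revision, sub-authority count, 48-bit big-endian
    identifier authority, then little-endian 32-bit sub-authorities."""
    if len(raw) < 8 or len(raw) != 8 + 4 * raw[1]:
        raise ValueError("malformed SID")
    authority = int.from_bytes(raw[2:8], "big")
    subs = struct.unpack("<%dI" % raw[1], raw[8:])
    return "-".join(["S", str(raw[0]), str(authority)] + [str(s) for s in subs])

def builtin_role(sid: str):
    """Return the default account name if sid is an account SID
    (S-1-5-21-x-y-z-RID) whose RID is well known, else None."""
    parts = sid.split("-")
    if len(parts) == 8 and parts[:4] == ["S", "1", "5", "21"]:
        return BUILTIN_RIDS.get(int(parts[7]))
    return None

def audit(accounts):
    """accounts: iterable of (name, binary SID). Returns one finding per
    built-in account: (current name, default name, renamed?)."""
    findings = []
    for name, raw in accounts:
        role = builtin_role(sid_to_string(raw))
        if role:
            findings.append((name, role, name.lower() != role.lower()))
    return findings

def sample_sid(rid: int) -> bytes:
    """Constructed SID on a made-up machine identifier."""
    return bytes([1, 5]) + (5).to_bytes(6, "big") + struct.pack(
        "<5I", 21, 1111111111, 2222222222, 3333333333, rid)

# Constructed account list: the administrator has been renamed.
SAMPLE = [("svc_maint", sample_sid(500)), ("Guest", sample_sid(501)),
          ("alice", sample_sid(1001))]

if __name__ == "__main__":
    for name, role, renamed in audit(SAMPLE):
        print(f"{name}: built-in {role}" + (" (renamed)" if renamed else ""))
```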
2 comments:
Yes, but all this assumes that you have physical access to the machine or are logged on to it and have sufficient privileges to read the SAM file. If you don't and you're just trying to brute-force the admin account over the network or logging on, then the default name "Administrator" will give them a head-start as opposed to a renamed one. It doesn't provide much security, but in some cases it does provide a tiny extra layer. Teeny tiny. So small that it could drop down behind the sofa without you noticing it.
This is true when you have physical access to the target machine, or access with enough privileges to read the usernames/SAM file. If you don't and you're just trying to brute-force the admin account without any knowledge of it, then knowing the admin account name is a starting point. If you don't know this and can't find it out, then a renamed admin account does provide a bit of extra security. Not much, mind. A small enough amount that it could slip down the back of the sofa unnoticed and linger there with all the old 50p pieces and fluff.