Built-in Administrator/Root Account
In short, stop using them. On Windows, rename and then disable the built-in Administrator account. Renaming may seem unnecessary, since the account keeps its well-known SID (relative ID 500) whatever it is called, but there is no way to know what a future exploit will rely on. One that enables or targets the account by name rather than by SID will break if the name has changed, and the rename costs nothing. On Linux/Unix you cannot really get rid of the root account or rename it: it is UID 0, and many tools assume the name. You can, however, lock its password and remove its ability to log in directly, while still reaching it through sudo from a named administrator account.
Before you disable the built-in accounts, make sure the replacement administrator account is set up, and that you have logged in with it and confirmed it can elevate. Otherwise you can lock yourself out of the server.
There are a few good ways to set up the accounts that will manage a server. Create two new accounts with unique names: one as a basic user and one in the Administrators group (or with sudo rights). For example, a basic user named “Jake” and an administrator named “Jake.admin”. This way it is easy to tell what each account is for. Always access the server with the basic user account, and when you need to perform an administrative task, elevate using the administrator account. Give the two accounts different passwords, so that a compromised day-to-day account does not hand over the administrative one.
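The Linux side of the procedure described above (two named accounts, root locked but still reachable through sudo, root refused over SSH), as an added example that is not part of the original post. It assumes a Debian/Ubuntu-style system where membership of the “sudo” group grants administrative rights (on RHEL-style systems the group is “wheel”), that OpenSSH reads its settings from /etc/ssh/sshd_config, and that the SSH service is named “ssh”. The user names “jake” and “jake.admin” are illustrative. The check functions take the relevant file contents as arguments so they can be tried against sample lines; only setup_accounts changes the system, and it is not run unless you call it.

```shell
#!/bin/sh
# Added example, not from the original post. Assumptions: Debian/Ubuntu-style
# system ("sudo" group, "ssh" service), OpenSSH config in /etc/ssh/sshd_config.
# User names "jake" and "jake.admin" are illustrative.

# root_locked SHADOW_LINE -> exit 0 if the entry has no usable password.
# passwd -l prefixes the hash with "!"; "*" also means no password login.
root_locked() {
    pw=$(printf '%s\n' "$1" | cut -d: -f2)
    case "$pw" in
        '!'*|'*'*) return 0 ;;
        *)         return 1 ;;
    esac
}

# sshd_root_login_disabled CONFIG_TEXT -> exit 0 if an effective
# "PermitRootLogin no" line is present (commented-out lines do not count).
sshd_root_login_disabled() {
    printf '%s\n' "$1" |
        grep -Eiq '^[[:space:]]*PermitRootLogin[[:space:]]+no([[:space:]]|$)'
}

# in_sudo_group GROUP_LINE USER -> exit 0 if USER is a member of the group
# described by GROUP_LINE (one line from /etc/group).
in_sudo_group() {
    members=$(printf '%s\n' "$1" | cut -d: -f4)
    printf '%s\n' "$members" | tr ',' '\n' | grep -qxF "$2"
}

# setup_accounts: the actual change. Run as root, with a console or
# out-of-band session kept open in case something goes wrong.
setup_accounts() {
    useradd -m -s /bin/bash jake            # day-to-day account
    useradd -m -s /bin/bash jake.admin      # administrative account
    usermod -aG sudo jake.admin
    passwd jake                             # set different passwords
    passwd jake.admin

    # Prove the admin account is in the sudo group BEFORE locking root.
    in_sudo_group "$(grep '^sudo:' /etc/group)" jake.admin ||
        { echo "jake.admin is not in the sudo group; not locking root" >&2; return 1; }

    passwd -l root                          # no direct root login; sudo -i still works
    # Refuse root over SSH; admins log in as jake and elevate with sudo.
    sed -i 's/^[#[:space:]]*PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config
    sshd -t && systemctl restart ssh
}

# audit_root: exit 0 only if root is locked and sshd refuses root logins.
audit_root() {
    root_locked "$(grep '^root:' /etc/shadow)" &&
    sshd_root_login_disabled "$(cat /etc/ssh/sshd_config)"
}
```

Locking the password (passwd -l) rather than changing root's shell keeps sudo -i and single-user recovery working; changing root's shell to nologin is a common mistake that breaks both. Run audit_root after a reboot to confirm the settings survived, and re-run it if the distribution drops files into /etc/ssh/sshd_config.d/, which this example does not inspect.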
If this server is going to be part of a domain, create only one new local account with administrator privileges. After joining the domain the local account should not be used; instead, log in with domain credentials. Since the local account will be used rarely (mainly for recovery when the domain is unreachable), give it a very long, complex password that is unique to that machine.