Administrator Account Locked

[dineshparikh]

From last 3-4 days My Administrator Account is getting locked everyday, It seems that some of my user is trying to guess Admin password.
Since I have 2 account with Admin rights i was able to unlock my admin account.

My question is that can i stop my Admin account from getting locked even after three bad attemps?

Dinesh

 

[hbaecker]

You need to look at the event viewer and determine who is trying to crack the administrator password. Personally I would not remove the limit of three bad attempts … why give someone all the time they want to try that account or any other? You should change the name of the administrator account ASAP!

 

[inKryptic]

Agree...change the name of all the default accounts, and ensure that guest is disabled (unless you really need it). But just so you know how, you can turn off the lock out option by going to the properties of the Administrator User in the User Manager and disabling it.

 

[Jamesobrien]

If I were you, I'd stop the problem at the source, try finding out who is attempting to discover the admin password.

 

[Grenage]

All good stuff.

Personally I think all above are good sugestions. Keep the settings so it dies lock a user out after 3 bad attempts, but maybe have it so it unlocks it after 30 minutes or some such time? Changing the default names is always recommended too and you certainly want to find out who is trying to access your administrative account.

 

[BozoDaKlone]

Try this link:

http://www.is-it-true.org/nt/atips/atips40.shtml

How can anyone change the name of a built-in (default) account? The term "built-in", by definition, suggests that it can't be changed. Of course, an account name can NEVER be changed after it's created, right? It would have to be deleted and re-created, but you can't delete built-in accounts.

Try it! Go ahead-delete the Guest account and try to recreate it.

I have seen tips elsewhere, and there is (well, was) even an MCSE question that suggested improving security by deleting the IUSER_<server> account (anonymous IIS login), but it can't be done, it's a default, built-in account created when IIS is installed!

OK, so is there a utility out there that can work around this? hack the SIDs, maybe?

Also note, the admin password, unlike other accounts, CANNOT be locked out unless the registry is changed using the passprop.exe utility from the NTRK.

Cheers.

 

[Killman]

You can change the name of the default Administrator account and for security reasons you should definately do so. From user manager you highlight the account you want to rename - Select &quot;user&quot; from the menu - Select &quot;rename&quot;. You can change user names on any account whether default or not. Anyone knows the default admin account name &quot;Administrator&quot; and could easily hack the password if they had enough time or the right tool. If you couldnt change account names this would be a huge security problem. This will not affect the SID for the account it will just change the name.

 

[BozoDaKlone]

Ah yes, tried this and it does work! My MCSE instructor said it couldn't be done. Should have poked around myself.

Thanks...

 

[Killman]

PS: Changing the name isnt a sure fire security fix, as stated in the link above, but not changing it is bad news, who needs tools when you have the username. If you dont change it, you make it easier for someone to hack the account. What you are talking about in the first place is keeping the account from getting locked out, changing the name would help. Sometimes Networks are hacked from the inside by your standard user just trying to see if he can. Changing the account name is just part of the security steps you should take to lock down your network.

 

[BozoDaKlone]

Well if the SID doesn't get changed, it would seem a great idea to change the administrator name very frequently, even daily. But, what about Services that run under the Administrator account? Do these services make use of the account name AND the SID, or just the SID? Would one have to redo all the Service account startup logins, or would just changing the admin name globally transfer to these startups?

 

[Killman]

For services running under the admin account you would need to make the change there also to point to the newly re-named account. Changing the password on administrative accounts more often is better for security purposes than changing the name on a regular basis since the SID stays the same.

 

[hbaecker]

Besides renaming the default accounts such as guest or administrator you can also restrict these to certain computers. I have limited the Administrator account to my workstation, laptop and to the server and I haven’t run into any problems … yet. I have disabled the Guest account AND restricted its logon ability to a non-existent computer. I also created an Anonymous user account and disable its access to prevent anonymous user logon. I figure it’s better to be safe then sorry!