Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Administrator Account Locked

Status
Not open for further replies.
dineshparikh

dineshparikh

Technical User
Aug 28, 2002
53
GB
From last 3-4 days My Administrator Account is getting locked everyday, It seems that some of my user is trying to guess Admin password.
Since I have 2 account with Admin rights i was able to unlock my admin account.

My question is that can i stop my Admin account from getting locked even after three bad attemps?

Dinesh


 
Sort by date Sort by votes
You need to look at the event viewer and determine who is trying to crack the administrator password. Personally I would not remove the limit of three bad attempts … why give someone all the time they want to try that account or any other? You should change the name of the administrator account ASAP!
 
Upvote 0 Downvote
Agree...change the name of all the default accounts, and ensure that guest is disabled (unless you really need it). But just so you know how, you can turn off the lock out option by going to the properties of the Administrator User in the User Manager and disabling it.
 
Upvote 0 Downvote
If I were you, I'd stop the problem at the source, try finding out who is attempting to discover the admin password.
 
Upvote 0 Downvote
All good stuff.

Personally I think all above are good sugestions. Keep the settings so it dies lock a user out after 3 bad attempts, but maybe have it so it unlocks it after 30 minutes or some such time? Changing the default names is always recommended too and you certainly want to find out who is trying to access your administrative account.
 
Upvote 0 Downvote
Try this link:


How can anyone change the name of a built-in (default) account? The term "built-in", by definition, suggests that it can't be changed. Of course, an account name can NEVER be changed after it's created, right? It would have to be deleted and re-created, but you can't delete built-in accounts.

Try it! Go ahead-delete the Guest account and try to recreate it.

I have seen tips elsewhere, and there is (well, was) even an MCSE question that suggested improving security by deleting the IUSER_<server> account (anonymous IIS login), but it can't be done, it's a default, built-in account created when IIS is installed!

OK, so is there a utility out there that can work around this? hack the SIDs, maybe?

Also note, the admin password, unlike other accounts, CANNOT be locked out unless the registry is changed using the passprop.exe utility from the NTRK.

Cheers.
 
Upvote 0 Downvote
You can change the name of the default Administrator account and for security reasons you should definately do so. From user manager you highlight the account you want to rename - Select &quot;user&quot; from the menu - Select &quot;rename&quot;. You can change user names on any account whether default or not. Anyone knows the default admin account name &quot;Administrator&quot; and could easily hack the password if they had enough time or the right tool. If you couldnt change account names this would be a huge security problem. This will not affect the SID for the account it will just change the name.
 
Upvote 0 Downvote
Ah yes, tried this and it does work! My MCSE instructor said it couldn't be done. Should have poked around myself.

Thanks...
 
Upvote 0 Downvote
PS: Changing the name isnt a sure fire security fix, as stated in the link above, but not changing it is bad news, who needs tools when you have the username. If you dont change it, you make it easier for someone to hack the account. What you are talking about in the first place is keeping the account from getting locked out, changing the name would help. Sometimes Networks are hacked from the inside by your standard user just trying to see if he can. Changing the account name is just part of the security steps you should take to lock down your network.
 
Upvote 0 Downvote
Well if the SID doesn't get changed, it would seem a great idea to change the administrator name very frequently, even daily. But, what about Services that run under the Administrator account? Do these services make use of the account name AND the SID, or just the SID? Would one have to redo all the Service account startup logins, or would just changing the admin name globally transfer to these startups?
 
Upvote 0 Downvote
For services running under the admin account you would need to make the change there also to point to the newly re-named account. Changing the password on administrative accounts more often is better for security purposes than changing the name on a regular basis since the SID stays the same.
 
Upvote 0 Downvote
Besides renaming the default accounts such as guest or administrator you can also restrict these to certain computers. I have limited the Administrator account to my workstation, laptop and to the server and I haven’t run into any problems … yet. I have disabled the Guest account AND restricted its logon ability to a non-existent computer. I also created an Anonymous user account and disable its access to prevent anonymous user logon. I figure it’s better to be safe then sorry!
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

goombawaho
  • Locked
  • Question
Microsoft Azure Active Directory - Backup Admin Account 1
Replies
2
Views
334
goombawaho
goombawaho
Mohamed-IT
  • Locked
  • Question
Windows server 2019 password locked
Replies
1
Views
78
strongm
strongm
DrB0b
  • Locked
  • Question
Windows 2016 IIS FTP server with a ton of user accounts
Replies
4
Views
275
DrB0b
DrB0b
goombawaho
  • Locked
  • Question
Continuous RDP disconnection/reconnection for administrator user
Replies
5
Views
153
goombawaho
goombawaho
Kiwica
  • Locked
  • Question
Locked out domain account
Replies
4
Views
97
Kiwica
Kiwica

Part and Inventory Search

Sponsor

Back
Top