Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Disable domain administrator account?

Status
Not open for further replies.
JChester42

JChester42

Programmer
Nov 14, 2005
9
US
We recently disabled our domain builtin administrator account in active directory, to harden security
We have 5 Domain controllers. It appears after we did this, we starting receive error messages in event viewer:

Event 40960
The Security System detected an authentication error for the server ldap/name.name.com/name.com@name.com. The failure code from authentication protocol Kerberos was "The referenced account is currently disabled and may not be logged on to.
(0xc0000072)".

We also received errors in DHCP service on some servers, stating that they didn't have right credentials for replication.

It doesn't appear that any major apps went down, but these message do alarm me, that maybe things are not getting replicated.


 
Sort by date Sort by votes
I think it's because on your network you have certain services runing with domain administrator account.

 
Upvote 0 Downvote
How can you tell which services are running as domain administrator, and where would I go to change which account they use?

 
Upvote 0 Downvote
I looked and I have no services running as Administrator.

All services are either running as Local System, Or Network Service.

 
Upvote 0 Downvote
Just curious, why did you decide to disable the account? An easier trick is to rename the account then create a new domain account named administrator that has guest access.

This way if someone attempts a brute force attack on the administrator account the best they will get is a dummy account if they succeed. Plus you don't get stuck trying to hunt down any services that use the admin account as they use the GUID not the name to identify it.
 
Upvote 0 Downvote
Well, I was told it would be best to disable admin account and create a new one, because they could still attack the account since the GUID doesn't change.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

goombawaho
  • Locked
  • Question
Domain join from wifi connected laptop
Replies
4
Views
373
goombawaho
goombawaho
MattM1975
  • Locked
  • Question
Domain Admin Logon 1
Replies
2
Views
136
ADB100
ADB100
goombawaho
  • Locked
  • Question
Microsoft Azure Active Directory - Backup Admin Account 1
Replies
2
Views
334
goombawaho
goombawaho
DrB0b
  • Locked
  • Question
Windows 2016 IIS FTP server with a ton of user accounts
Replies
4
Views
275
DrB0b
DrB0b
fredmartinmaine
  • Locked
  • Question
Domain Controller without DNS Server
Replies
4
Views
335
fredmartinmaine
fredmartinmaine

Part and Inventory Search

Sponsor

Back
Top