NCSAM/2011–Post 12–Don’t bother renaming Administrator
My argument here is much in the same vein as my previous post on choosing random usernames.
I’ve met a number of people who argue that renaming the built-in Windows Administrator account is a great security measure, because an attacker now has to guess the name of the Administrator account as well as its password.
Or they put it a little more scientifically, and say that renaming the Administrator account increases the entropy already present in the password.
If you want more entropy in the password, put more entropy in the password
Seems pretty obvious to me, really.
If your passwords don’t have enough entropy (more or less equivalent to “random” in the everyday sense of the word), add more entropy – use a wider range of characters, or simply make the minimum password length that much longer.
The system works against you
If you make the name of the Administrator account a secret, that’s really no good, because the system works against you. It does absolutely nothing to protect you. A simple call to “NET USER” will list the local users, including the local administrator, and a relatively simple ICACLS command will apply rights to the local administrator – no matter its name – on a file. And then you can list the file’s permissions – again using ICACLS – to see what the name is for that administrator.
The one argument in its favour
There is one argument I accept as moderately valid for renaming the Administrator – now you can go ahead and treat every attempt to use the “Administrator” account as an attack, because none of the valid uses of the renamed-Administrator account will use that user name.
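The detection described above, as an added example (not code from the original post): it scans Windows Security logon events (4624 success, 4625 failure) and flags any use of the literal name “Administrator”. It goes slightly beyond the post by also flagging successful logons whose SID ends in -500, the relative ID the built-in account keeps after a rename. The event records, SIDs, addresses and the “alice.admin” name are constructed sample data.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
DECOY_NAME = "administrator"  # after the rename, no legitimate logon uses this name

def _event(event_id, user, sid, ip):
    """Build a constructed Security-log record in the Windows event XML layout."""
    return (
        '<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">'
        f"<System><EventID>{event_id}</EventID></System><EventData>"
        f'<Data Name="TargetUserSid">{sid}</Data>'
        f'<Data Name="TargetUserName">{user}</Data>'
        f'<Data Name="IpAddress">{ip}</Data>'
        "</EventData></Event>"
    )

# Constructed sample records (failed logons carry the null SID S-1-0-0).
SAMPLE_EVENTS = [
    _event(4625, "Administrator", "S-1-0-0", "203.0.113.7"),
    _event(4625, "ADMINISTRATOR", "S-1-0-0", "203.0.113.7"),
    _event(4624, "NotReallyTheAdministrator",
           "S-1-5-21-1111111111-2222222222-3333333333-500", "192.0.2.10"),
    _event(4624, "alice.admin",
           "S-1-5-21-1111111111-2222222222-3333333333-1104", "192.0.2.11"),
    _event(4625, "alice.admin", "S-1-0-0", "192.0.2.11"),
]

def classify(event_xml):
    """Return (reason, user, source_ip) for a suspicious logon event, else None."""
    root = ET.fromstring(event_xml)
    event_id = int(root.findtext("e:System/e:EventID", namespaces=NS))
    data = {d.get("Name"): (d.text or "") for d in root.iterfind("e:EventData/e:Data", NS)}
    user, sid, ip = (data.get(k, "") for k in ("TargetUserName", "TargetUserSid", "IpAddress"))
    if event_id not in (4624, 4625):
        return None
    # Any attempt, failed or successful, that names the decoy account.
    if user.lower() == DECOY_NAME:
        return ("decoy-name-used", user, ip)
    # A successful logon by the built-in account, whatever it is called now.
    if event_id == 4624 and sid.startswith("S-1-5-21-") and sid.endswith("-500"):
        return ("builtin-admin-logon", user, ip)
    return None

def scan(events):
    """Classify every event and keep only the alerts."""
    return [alert for alert in map(classify, events) if alert]

if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print(alert)
```
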
But so many arguments against
So now for some arguments against – unlike the “doesn’t really add entropy” point above, these are areas in which renaming the Administrator account does actual harm:
- You can’t reuse scripts and applications without reconfiguring them to use your “NotReallyTheAdministrator” account instead of the Administrator name.
  - If that’s even possible for the app you want to use – I know, that would be a bad app, but when’s the last time you went a week without having to use an app with some bad behaviour?
- You have to supply the new Administrator name to each person who has to use the account. [Re-training]
- Your single Administrator account should already be treated as if every use is an attack, because individual administrators should have their own account, to allow for auditing and revocation. The Administrator account should be rarely used.
- You have to change the Administrator account as soon as anyone who knows it leaves (and because anyone can find it out, that’s fairly frequently!)
And my favouritest argument of all:
- There are very many things, more important than renaming the Administrator account in securing your systems, that you have not yet done, and which will take less time to do than implementing all the infrastructure and operational procedures required to rename your Administrator account and keep it correctly monitored and managed.