Solved

Windows 7 - Built-in Administrator Account

Posted on 2010-09-10
7
531 Views
Last Modified: 2012-05-10
I noticed the administrator account is disabled by default in windows 7.   ANother user account is created when you perform the setup of your computer and is still enabled to the domain.  I set a group policy to keep the admin account enabled but rename it to something a little less mainstream for an admin account name and disabled the other admin account that was created during windows setup.
Does anyone have a quality reason whether I should maintain local admin or built in accounts for XP and 7?  I understand safe mode works regards if you disable the admin account.  I guess maybe a problem would occur if the machine somehow disjoined itself from the domain.  I don't when that situation would occur but I'm sure it would happen and is easy to rejoin the domain w/out a local admin account.  Ugh, I digress...   Can someone assist?   Maybe some nicely broken down best practice links out there:?
0
Comment
Question by:snoopaloop
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 17

Expert Comment

by:James Haywood
ID: 33650432
Its always useful to have a local account if you need to do some troubleshooting and can't logon to the domain. A lot of networks i've used have an account with the same local account and password on every machine (with strong password) to make things simple.

If your domain is reasonably solid and all data held server side (as it should be really) then its not that much of an issue as you can just drop a fresh image on a machine that is misbehaving.
0
 
LVL 96

Expert Comment

by:Experienced Member
ID: 33650481
I would strongly suggest you keep the adminstrator account disabled and make the first Windows 7 user account a member of the administrator group (which it is by default). Use this as your administrator account and then create user accounts from there. This will not stop you from using the domain admin account when the computer is on the domain. ... Thinkpads_User
0
 
LVL 1

Author Comment

by:snoopaloop
ID: 33650636
I believe I am accomplishing the same task by renaming the local administrator account through group policy.  So thinkpad_user believe an active account in the local admins group should be present while hhaywood thinks if there are images for everything and users are smart enough to store everything on the file server then disable the account.  yes?
0
[Live Webinar] The Cloud Skills Gap

As Cloud technologies come of age, business leaders grapple with the impact it has on their team's skills and the gap associated with the use of a cloud platform.

Join experts from 451 Research and Concerto Cloud Services on July 27th where we will examine fact and fiction.

 
LVL 96

Accepted Solution

by:
Experienced Member earned 63 total points
ID: 33650668
The point of disabling the local administrator account, coupled with User Acccount Control is to stop outside programs and people from hacking in (social engineering) and infesting the computer with malware. The local admin account may be com_admin with a password of ##fgcnggds## and most users won't figure it out. I like having a local back door into the system in case there is some issue on the server that prevents the domain account from working. Preference on my part.

But I would not enable the Windows 7 administrator account at all.
... Thinkpads_User

0
 
LVL 17

Assisted Solution

by:James Haywood
James Haywood earned 62 total points
ID: 33653053
Its personal preference really. I usually disable all local accounts if the machines are being accessed by multiple people (such as a school) with unknown technical abilities. If it tends to be the same people using the same machine and they are a known quantitiy (most offices) then it can be very useful to have a local account available.

I do agree with what Thinkpads_User has said.
0
 
LVL 6

Expert Comment

by:Kody-Burg
ID: 33653440
Microsoft disables the local administrator for a reason.

I would leave it disabled and use the administrator created during setup to prevent any issues.
0
 
LVL 96

Expert Comment

by:Experienced Member
ID: 33664434
Thank you snoopaloop - I was pleased to assist. .... Thinkpads_User
0

Featured Post

[Webinar] How Hackers Steal Your Credentials

Do You Know How Hackers Steal Your Credentials? Join us and Skyport Systems to learn how hackers steal your credentials and why Active Directory must be secure to stop them. Thursday, July 13, 2017 10:00 A.M. PDT

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
This article will help to fix the below error for MS Exchange server 2010 I. Out Of office not working II. Certificate error "name on the security certificate is invalid or does not match the name of the site" III. Make Internal URLs and External…
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…
This Experts Exchange video Micro Tutorial shows how to tell Microsoft Office that a word is NOT spelled correctly. Microsoft Office has a built-in, main dictionary that is shared by Office apps, including Excel, Outlook, PowerPoint, and Word. When …

622 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question