I noticed the administrator account is disabled by default in windows 7. ANother user account is created when you perform the setup of your computer and is still enabled to the domain. I set a group policy to keep the admin account enabled but rename it to something a little less mainstream for an admin account name and disabled the other admin account that was created during windows setup.
Does anyone have a quality reason whether I should maintain local admin or built in accounts for XP and 7? I understand safe mode works regards if you disable the admin account. I guess maybe a problem would occur if the machine somehow disjoined itself from the domain. I don't when that situation would occur but I'm sure it would happen and is easy to rejoin the domain w/out a local admin account. Ugh, I digress... Can someone assist? Maybe some nicely broken down best practice links out there:?
If your domain is reasonably solid and all data held server side (as it should be really) then its not that much of an issue as you can just drop a fresh image on a machine that is misbehaving.