asked on Windows 7 - Built-in Administrator Account
I noticed the administrator account is disabled by default in windows 7. ANother user account is created when you perform the setup of your computer and is still enabled to the domain. I set a group policy to keep the admin account enabled but rename it to something a little less mainstream for an admin account name and disabled the other admin account that was created during windows setup.
Does anyone have a quality reason whether I should maintain local admin or built in accounts for XP and 7? I understand safe mode works regards if you disable the admin account. I guess maybe a problem would occur if the machine somehow disjoined itself from the domain. I don't when that situation would occur but I'm sure it would happen and is easy to rejoin the domain w/out a local admin account. Ugh, I digress... Can someone assist? Maybe some nicely broken down best practice links out there:?
Does anyone have a quality reason whether I should maintain local admin or built in accounts for XP and 7? I understand safe mode works regards if you disable the admin account. I guess maybe a problem would occur if the machine somehow disjoined itself from the domain. I don't when that situation would occur but I'm sure it would happen and is easy to rejoin the domain w/out a local admin account. Ugh, I digress... Can someone assist? Maybe some nicely broken down best practice links out there:?
OutlookWindows 7Windows Server 2008
Last Comment
John
I would strongly suggest you keep the adminstrator account disabled and make the first Windows 7 user account a member of the administrator group (which it is by default). Use this as your administrator account and then create user accounts from there. This will not stop you from using the domain admin account when the computer is on the domain. ... Thinkpads_User
ASKER
I believe I am accomplishing the same task by renaming the local administrator account through group policy. So thinkpad_user believe an active account in the local admins group should be present while hhaywood thinks if there are images for everything and users are smart enough to store everything on the file server then disable the account. yes?
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
Microsoft disables the local administrator for a reason.
I would leave it disabled and use the administrator created during setup to prevent any issues.
I would leave it disabled and use the administrator created during setup to prevent any issues.
Thank you snoopaloop - I was pleased to assist. .... Thinkpads_User
If your domain is reasonably solid and all data held server side (as it should be really) then its not that much of an issue as you can just drop a fresh image on a machine that is misbehaving.