For security reasons, you may want to consider renaming the built-in local Administrator account. This account is very powerful, and its name is easily guessable so it is a common vector for attackers. Before you rename this account, make sure you understand the consequences:

  • The account continues to work but you now need to use the newly assigned name to log on with this account. Make sure there are no automatic logon processes that use the old default name
  • Renaming the account will not change its SID so sophisticated attackers can still target this account by using its well-known SID

To rename the built-in Administrator account (or any other local account), launch PowerShell with Administrator privileges, and run this line:

 
PS> Rename-LocalUser -Name "Administrator" -NewName "TobiasA" 
 

To use the account for login, use the newly assigned name. By using the account’s well-known SID, you can still identify the renamed account even if you don’t know its name:

 
PS> Get-Localuser | Where-Object Sid -like 'S-1-5-*-500'

Name    Enabled Description
----    ------- -----------  
TobiasA False   Built-in account for administering the computer/domain 
 




Twitter This Tip! ReTweet this Tip!

Anonymous