Local Admin Account Name Changed t/o network!HELP!


ITinVA

A strange situation has started to occur on our networks and we have not been able to pinpoint it...

SomeONE or someTHING is changing our Local Administrator account name to Disabled. Not changing the password or anything else. Looks like some type of script could be doing it, only nothing has been found on either DC (we are operating in a W2K environment). Also strange is that there is no consistency: the names were not changed at the same time of day and some not even on the same day. Cannot pinpoint a specific date/time though, as many machines have no entries in the Event Logs. We have tried changing them back to "Administrator" and later they are changed back. Any suggestions and/or insight??

Check your GPOs (rsop.msc on client machines) and logon scripts. If you've got DCs then no one should be logging into a local account. You should also look into changing all the local admin passwords (use compmgmt.msc and connect to the client PCs).

You can also set the name of the local admin account via GPOs (I'm on XP SP2, not sure about 2K Serv): "Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options -> Accounts: Rename administrator account", though this solution does not help figure out the cause of the problem.


This may sound dumb mate, but change the local admin passwords on the machines as some joker may be playing with you :)

That would be my thought as well.

Change the passphrase and create multiple admin accounts with specific privileges assigned to each individual who needs that specific access. No need to have 1 admin account to globally do changes. There should only be 1 superadmin.

Btw... always use 8-12 characters with symbols (i.e. o12fr@nce^$k)


Change the passphrase and create multiple admin accounts with specific privileges assigned to each individual who needs that specific access. No need to have 1 admin account to globally do changes. There should only be 1 superadmin.

Agreed. ;)


:lol: We have an Enterprise network and no one really uses the local admin accounts. I just happened to notice it, and when I researched more machines that's when I realized it had done it throughout the network.

Good news: we did figure it out (Thanx Spyderman2), as we obviously have numerous Domain Admins with rights to change GPOs. Someone (who didn't know how to do it CORRECTLY) changed the GPO in "Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options -> Accounts: Rename administrator account", and instead of correctly disabling the service (by UNchecking the box) they ENABLED it by checking, then put the WORD "Disabled", hence renaming all Administrator accounts to "Disabled".

Thanks for the help and Oh so glad we got it figured out!

:w00t:
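
The misconfiguration described above can be caught by auditing the security template behind each GPO. This is an added example, not part of the original thread: it assumes the setting is stored as `NewAdministratorName` under `[System Access]` in each GPO's `GptTmpl.inf`, and the sample template, the `STATE_WORDS` list and the function names are constructed for illustration.

```python
from pathlib import Path

# Constructed sample template, not taken from the thread.
SAMPLE_GPTTMPL = '''[Unicode]
Unicode=yes
[System Access]
MinimumPasswordLength = 8
NewAdministratorName = "Disabled"
[Version]
signature="$CHICAGO$"
Revision=1
'''

# Assumed list of words suggesting a state was typed into the name field.
STATE_WORDS = {"disabled", "disable", "enabled", "enable", "off", "on", "none"}

def decode_template(raw: bytes) -> str:
    """Templates are usually UTF-16 with a BOM; otherwise treat as 8-bit text."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16")
    return raw.decode("utf-8-sig", errors="replace")

def audit_admin_rename(text: str) -> dict:
    """Return the Administrator rename found in [System Access], if any."""
    section = None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "system access" and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if key.lower() == "newadministratorname":
                name = value.strip('"')
                return {"renames": True, "new_name": name,
                        "suspicious": name.lower() in STATE_WORDS}
    return {"renames": False, "new_name": None, "suspicious": False}

def scan_policies(root: str) -> dict:
    """Audit every GptTmpl.inf under root (e.g. a copy of the Policies folder)."""
    results = {}
    for path in Path(root).rglob("GptTmpl.inf"):
        finding = audit_admin_rename(decode_template(path.read_bytes()))
        if finding["renames"]:
            results[str(path)] = finding
    return results
```

Any GPO returned by `scan_policies` renames the built-in account on every machine it applies to; a `suspicious` hit means the new name reads like a state rather than an account name.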


That is hysterically funny!!!!!!!!! What a novel way to "disable" the administrator account.... HA HA HA!!! Thank you ITinVA for the follow up... you just got my morning off to a good start....

This is good material for those admin joke sites....

