Group Policy Rename Administrator Account

Renaming well-known accounts in Windows makes it more difficult for unauthorized access to the Computer Systems and its Resources. Although Microsoft has made strides to protect the System accounts as IT Administrator’s we can go a little Extra.

With the assistance of Group Policies, we can Rename the Administrator Account. It is also suggested to Rename the Guest account although the rights are minimal if there is an exploit we don’t want to make it easy.

Security Options

There are two ways of renaming well know accounts. Both are done in the Computer configuration section of the Group Policy Object. For the first configuration browse too:


Policies > Windows Settings > Security Settings > Local Policies > Security Options

Group Policy
Rename Administrator Account

On the right side, you will have a huge amount of option that can be configured. There are only four options that need to configure for the Well-know accounts.

  • Accounts: Administrator account status
  • Accounts: Guest Account Status
  • Accounts: Rename Administrator Account
  • Accounts: Rename guest Account

Policies can be set up as per your Environments requirement. The recommendation is if you enable the Administrator account. Make sure the Name is not similar to other potential admin Names. So if you decide to google other names for Administrators. Those might not be the best choice as other Administrators would potentially do the same. Regardless almost anything is better than Administrator.

With the guest account, the suggestion is always to Disable and Rename. As an additional option, you can also Enable the Setting: “Accounts: Limit Local accounts use of Plank passwords to console logon only“.

Control Panel Settings

The Second option to Rename well know accounts gives you a bit more option in terms of what can happen to the account. Although with the option to Reset the password taken away it is really just a matter of preference which way you go about to get the task done. Browse too:

Computer Configuration > Preferences > Control Panel Settings > Local Users and Groups

Group Policy
Rename Administrator Account

On the Right-hand side, right-click and choose New > Local User.

Group Policy
Rename Administrator Account
Local User

On the Action, dropdown ensure you choose Update, then choose the user that is going to be updated at the User Name Section. As you can see on the screenshot below there is no option anymore to enter the Password. This will now have to be done when setting up the Computer or by deploying a script throughout the environment. This will have to be done twice. Once for the Administrator account and Second for the Guest Account.

Group Policy
Rename Administrator Account
Update User

While you are busy with the local accounts I also suggest to Remove Local users from the Administrator Groups.

********************************************************

If you liked what you read Please Share.
I’d love it if you followed me on YouTube and Facebook.

Also, feel free to subscribe to my posts by email.
Donations for the site can be made here.
Thanks for reading.

Spread the love

Leave a Reply

Your email address will not be published. Required fields are marked *