Maximum PC

Due to a recent issue, I will be strengthening our Server 2003 security (workgroup, not a domain server). Specifically, I was looking at how the person managed to get into our server in the first place and how it relates to the Administrator account. I did not set up the server, but I get to deal with server issues that might come up. I keep a copy of a Windows Server reference hardback for questions and I'd like to ask for some help on determining if what I'm think of doing makes sense. Currently, all of our PCs log in to the server with Administrator rights. Each PC has a different login and password to gain entry to our system, but they all log into the server as "Administrator".
In this reference guide, the author mentions renaming the Administrator account to make it harder for a hacker to gain access to your system. If you do rename, does it make all the current accounts with Administrator access unable to get to the server, do they have to be changed to the new name (like what would happen if you changed a users login name)? Also, the author mentions creating a "bait" "Administrator" account (if you do rename the "Administrator" account), give it an obscure password, disable the account, and make the account a member of the "Guest" group only. That way, a hacker will find the Admin account and not be able to go anywhere even if they figure out the password.
I'm also looking at assigning each user their own user profile, so when their PC logs into the network, I can look at the users on the server at any time and see who is logged into the server, where currently, I just see a list showing "Administrator". Each user would still have to log into their PC as they currently have to do.

Thanks for any guidance.

First I agree with the author, you should rename the administrator account. Second, each user should not be logging into the server as the admin; there are too many possible and endless things the admin account can really muck up if you don't know what you are doing.

Third and the more important, if you change the administrator account name, if there are any programs that rely on the that account make sure you point to the new name as the app may not run any longer. Same as if you changed the admin password as it can no longer authenticate.

Do not confuse the administrator account with the administrator group. The group is what provides the permissions. You can delete or rename the account with no ill effects to anyone else.



I've always thought this to be a waste of time. This might stall a decent hacker for maybe...20 seconds.