Which of the following actions should you take?

You work as an administrator at Contoso.com. The Contoso.com network consists of a single domain
named Contoso.com. All servers in the Contoso.com domain, including domain controllers, have
Windows Server 2012 installed.
You have been instructed to modify the name of the local Administrator account on all Contoso.com
workstations. You want to achieve this using as little administrative effort as possible.
Which of the following actions should you take?

You work as an administrator at Contoso.com. The Contoso.com network consists of a single domain
named Contoso.com. All servers in the Contoso.com domain, including domain controllers, have
Windows Server 2012 installed.
You have been instructed to modify the name of the local Administrator account on all Contoso.com
workstations. You want to achieve this using as little administrative effort as possible.
Which of the following actions should you take?

A.
You should consider configuring the Security Options settings via the Group Policy Management
Console (GPMC).

B.
You should consider navigating to Local Users and Groups via Computer

C.
You should consider configuring the replication settings.

D.
You should consider navigating to Local Users and Groups via Computer Management on each
workstation.

Explanation:
Rename administrator account policy setting determines whether a different account name is
associated with the security identifier (SID) for the Administrator account.
Because the Administrator account exists on all Windows server versions, renaming the account
makes it slightly more difficult for attackers to guess this user name and password combination. By
default, the built-in Administrator account cannot be locked out no matter how many times a
malicious user might use a bad password. This makes the Administrator account a popular target for
brute-force password-guessing attacks.
The value of this countermeasure is lessened because this account has a well-known SID and there
are non-Microsoft tools that allow you to initiate a brute-force attack over the network by specifying
the SID rather than the account name. This means that even if you have renamed the Administrator
account, a malicious user could start a brute-force attack by using the SID.
Rename the Administrator account by specifying a value for the Accounts: Rename administrator
account policy setting.
Location: GPO_name\Computer Configuration\Windows Settings\Security Settings\Local
Policies\Security Options



Leave a Reply 0

Your email address will not be published. Required fields are marked *