Last Known Good Configuration, or LKGC for short, is a way in which you can start Windows 7 if you're having trouble starting it normally. If this situation occurs, another member of the Administrators group must set the password on the Administrator account with the Local Users and Groups tool. If the current Administrator password does not meet the password requirements, you cannot re- enable the Administrator account after it is disabled. For example, if the secure channel between a member computer and the domain controller fails in a domain environment for any reason and there is no other local Administrator account, you must restart in Safe Mode to fix the problem that caused the secure channel to fail. Maintenance issues can arise under certain circumstances if you disable the Administrator account. If it is very difficult to maintain a regular schedule for periodic password changes for local accounts, you may want to disable the built- in Administrator account instead of relying on regular password changes to protect it from attack. Disable the Accounts: Administrator account status setting so that the built- in Administrator account cannot be used in a normal system startup. All other accounts that are members of the Administrator's group have the safeguard of locking the account out if it has exceeded the maximum number of failed logons.Ĭountermeasure. Therefore, even if you rename the Administrator account, an attacker could launch a brute force attack by using the SID to log on. The built- in Administrator account cannot be locked out no matter how many failed logons it accrues, which makes it a prime target for brute force attacks that attempt to guess passwords.Īlso, this account has a well- known security identifier (SID), and there are non- Microsoft tools that allow authentication by using the SID rather than the account name. If you start a computer in Safe Mode, the Administrator account is always enabled, regardless of how you configure this policy setting. This policy setting enables or disables the Administrator account for normal operational conditions.
The Security Options item of Group Policy contains the following policies: Accounts: Administrator account status. You can configure the security options settings in the following location within the Group Policy Object Editor: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options.
The Security Options section of Group Policy configures computer security settings for digital data signatures, Administrator and Guest account names, access to floppy disk and CD drives, driver installation behavior, and logon prompts.
0 kommentar(er)
