Windows NT has some special accounts that should be
secured. The most important of these, of course, is the Administrator account.
The following procedures will harden your system against attacks on the
Administrator and other accounts:
- Rename the Administrator account and establish a
decoy. By renaming the Administrator account you will frustrate outside
attackers who are after the most privileged account in the system. To
further frustrate them, create a decoy account named Administrator that has
no privilege. Set full auditing on the decoy account, and if you have a
third-party monitoring tool, set it to page you when this account is
- Replace the Everyone group with the Authenticated
Users group on every network share and common-use directory. Any resource
whose access control list names the Everyone group is accessible even to
unauthenticated users on the network.
- Disable the Guest account. The Guest account is
required by some third-party applications, but it should be disabled if it
is not required. The Guest account has traditionally been used as a shared
account for temporary users such as partners, suppliers, and contractors.
The use of shared accounts results in a complete loss of accountability.
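
An added example (not part of the original page) that audits the three steps above. It assumes a current Windows system where the LocalAccounts and SmbShare PowerShell modules are available, rather than Windows NT itself; the function name Test-AccountHardening is hypothetical, and it checks share permissions only, not directory ACLs or audit settings.

```powershell
# Read-only audit of the three hardening steps; run from an elevated prompt.
# Assumption: LocalAccounts and SmbShare modules (Windows 10 / Server 2016 or later).
function Test-AccountHardening {
    $findings = @()
    $users = Get-LocalUser

    # Built-in accounts keep their well-known RIDs after a rename:
    # 500 = Administrator, 501 = Guest.
    $realAdmin = $users | Where-Object { $_.SID.Value -match '-500$' }
    $guest     = $users | Where-Object { $_.SID.Value -match '-501$' }

    if ($realAdmin.Name -eq 'Administrator') {
        $findings += 'Built-in Administrator (RID 500) has not been renamed'
    }

    # The decoy is an account named Administrator that is not RID 500.
    $decoy = $users | Where-Object {
        $_.Name -eq 'Administrator' -and $_.SID.Value -notmatch '-500$'
    }
    if (-not $decoy) {
        $findings += 'No decoy account named Administrator exists'
    } else {
        # The decoy must hold no privilege. Only membership in the local
        # Administrators group (S-1-5-32-544) is checked here.
        $admins = Get-LocalGroupMember -SID 'S-1-5-32-544'
        if ($admins | Where-Object { $_.SID.Value -eq $decoy.SID.Value }) {
            $findings += 'Decoy Administrator is a member of the Administrators group'
        }
    }

    if ($guest.Enabled) {
        $findings += "Guest account (RID 501, named '$($guest.Name)') is enabled"
    }

    # Resolve S-1-1-0 (Everyone) so the comparison also works on non-English systems.
    $sid = [System.Security.Principal.SecurityIdentifier]'S-1-1-0'
    $everyone = $sid.Translate([System.Security.Principal.NTAccount]).Value

    # Administrative shares (C$, ADMIN$, IPC$) are excluded with -Special $false.
    Get-SmbShare -Special $false | Get-SmbShareAccess |
        Where-Object { $_.AccountName -eq $everyone -and $_.AccessControlType -eq 'Allow' } |
        ForEach-Object { $findings += "Share '$($_.Name)' grants $($_.AccessRight) to Everyone" }

    return $findings
}

Test-AccountHardening | ForEach-Object { Write-Warning $_ }
```

No output means none of the checked conditions were found.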