Windows NT Administrator Account contents.gifindex.gif

Windows NT Administrator Account

An account named administrator was found. This default account cannot be locked out by too many incorrect login attempts, and can be vulnerable to a Brute Force attack if a poor password is chosen. There are three recommended fixes for this vulnerability: rename the administrator account to something which might not be easily guessed. A possible variation on this approach might be to add a new user named administrator who is only a member of the guest group, and has an unguessable password. Then enable auditing of failed login attempts, and monitor any attempts to login as administrator very closely. A third strategy would be to remove the right to log in from the network from the administrator account. This would make any brute force attempt have to come from the console, and would mean that only users who can be locked out (if enabled) can access the computer from the network.

Risk: Low

OS Vulnerable: Windows NT

Fix: Change the name of the administrator account.