Windows 10: Securing the default Administrator account on main domain server using GPO.

Discus and support Securing the default Administrator account on main domain server using GPO. in Windows 10 Customization to solve the problem; I am looking at securing the default 'Administrator' account in my AD environment using Server 2016 but have a few questions regarding doing so. I... Discussion in 'Windows 10 Customization' started by ChristopherCoePX, Mar 23, 2020.

  1. Securing the default Administrator account on main domain server using GPO.


    I am looking at securing the default 'Administrator' account in my AD environment using Server 2016 but have a few questions regarding doing so.


    I want to restrict the default 'Administrator' account via a GPO, applying settings as per the recommended Microsoft 'Securing Built-In Administrator Accounts in AD' best practices guide.


    I use backup administrator accounts for general day-to-day maintenance and do not use the default 'Administrator' account at all.


    My question is...

    Can I apply a GPO for restrictions to the 'Administrator' account ONLY by changing the GPO filtering scope to point only at that account and removing the 'Authenticated users' group??


    I don't want to test this because my server is live and don't want to accidentally lock myself out of the system or cause any headaches.


    The server is used as a WebServer and VPN Server for remote user access.


    The default 'Administrator' account is disabled and currently has a strong password +20 chars and symbols set.

    I only use it if I need to re-image the machine or for disaster recovery, then the account is live and allows me to log in.


    Thanks!

    :)
     
    ChristopherCoePX, Mar 23, 2020
    #1
  2. Cja123 Win User

    Server 2003 GPO questions

    Hello,
    I am working on a GPO in Microsoft Server 2003 for the majority of domain users here at my work and I am having difficulties achieving the results I need.

    Details:
    I would like to disable all programs on the domain user account except a select few. I have accomplished this through enabling "Only allow specific Windows applications to run" or something of that like in the GPO. I then added the programs I want the domain user to be able to run and it automatically excludes the rest. This worked beautifully however, I do want them to have access to a few installer files on our network drive but when I attempt to open the installer packages, I get a restriction error. More precisely, I get the same error that comes up when I try to open any other applications that are not included in the "Only allow specific Windows applications to run" field. I have scoured the GPO for about a day now and enabled every option I could think of that may allow these installations to run but I have not succeeded in finding it. Anyone have any advice?
    Notes:
    I have added the account I am monitoring through the GPO as an administrator on each local machine with my domain specified in the domain field.

    I am also wondering if there is a setting which allows an admin to bypass the GPO while logged in as the domain user that is governed by said GPO by some form of authentication?

    Let me know if any other information is needed. I will provide it as promptly as possible.

    Thanks in advance for the help! *Toast :toast:
     
    Cja123, Mar 23, 2020
    #2
  3. BR2049 Win User
    What is a proper way to change the default name of the local administrator account on Server 2012R2?

    Hello:

    I'm installing Windows Server 2012R2 and I'd like to change the default name of my local administrator account. I've learned two methods:

    1. Via Local Security Policy, there is a feature under "Security Options" called "Accounts: Rename Administrator Account"
    2. Via Computer Management, under "Local Users & Groups" and withing the "Users" folder, I can Right-Click for a "Rename" option on my default name of "Administrator".
    Do both methods accomplish the same goal? Is there a significant caveat I should be aware of with these methods? I just want to implement a best-practice step in a classroom environment that sees a lot of foot traffic.

    Thanks.

    Incidentally, this server is intended to be the domain controller for our small lab.
     
    BR2049, Mar 23, 2020
    #3
  4. Securing the default Administrator account on main domain server using GPO.

    "This security ID may not be assigned as the owner of this object", when trying to create GPO as Domain Admin

    Hi,

    I, and a couple of other members in our IT Team who are in the "Domain Administrators" group in active directory have been trying unsuccessfully to create a new GPO in the GPMC.

    Delegation is set to allow Domain Admins to create a new GPO, but whenever we try, we're met with the message above; "This security ID may not be assigned as the owner of this object".

    I've also tried to create a GPO using the default "Administrator" account on the Domain - unfortunately to no avail.

    I've searched through multiple forums already, and have yet to find a solution.

    Any help with this issue is thoroughly appreciated.

    Thanks,

    Harvey
     
    Harvey Rodgers, Mar 23, 2020
    #4
Thema:

Securing the default Administrator account on main domain server using GPO.

Loading...
  1. Securing the default Administrator account on main domain server using GPO. - Similar Threads - Securing default Administrator

  2. Administrator in domain

    in Windows 10 Network and Sharing
    Administrator in domain: Greeting, A domain has been created in my company. I wonder if the domain administrator can see all the files on other computers even though they are not shared?Thanks....
  3. make my main account as administrator?

    in Windows 10 Customization
    make my main account as administrator?: In Windows 10 I have 2 accounts one is guest account configured as an administrator by mistake, and my main account is not. I want to delete the guest account and make the main one administrator account. Your help is greatly appreciated. Thank You....
  4. Local Administrator cannot install software on domain member server

    in Windows 10 Installation and Upgrade
    Local Administrator cannot install software on domain member server: I'm worker in small company, and I don't have admin rights on domain, but in our work we need to install some softwares, I did a btach file to install these app but beside that we need to reconfigure some settings on client pc, when I run the batch the only things work the...
  5. Security settings and permissions for administrator accounts

    in Windows 10 Customization
    Security settings and permissions for administrator accounts: Hi! For the past few weeks, I was having problems in writing files in My Documents or any of its sub-folders. If A and B are two folders under Documents, and I want to move/copy a file from A to B, I was not permitted to do that. I had to first move/copy it to Downloads,...
  6. Bitlocker GPO Server 2016

    in AntiVirus, Firewalls and System Security
    Bitlocker GPO Server 2016: Windows 10 - 1809 Server 2016 I have installed the latest ADMX from microsoft.com to my server 2016 "policydefinitions" folder. All settings have been enabled for bitlocker to auto-encrypt by GPO yet it does not work. This was working with previous builds of Windows...
  7. How to disable Default administrator account...

    in User Accounts and Family Safety
    How to disable Default administrator account...: Hi am a facing this problem for long time..When ever i turned my Pc on its showing invalid username/password...Its getting in to a user account for which i dont know the passwpord....its hidden administrator account i think once i tried that in command prompt,,,,, i have...
  8. Built in Administrator - account security questions?

    in User Accounts and Family Safety
    Built in Administrator - account security questions?: After a couple of weeks of using Windows 10, I finally have the OS installed, tweaked and personalized. The last thing on the list is to tighten-up the default security account/settings of Windows 10 on the PC. In the past I attempted to do this w/ Windows 7 with...
  9. domain server problems

    in Windows 10 Network and Sharing
    domain server problems: I have had windows 10 a couple weeks and if this issue had not starter a week before that I would blame 10. My internet cuts off at random times, sometimes just for seconds and sometimes I have to turn off modem and restart. At first the troubleshooter said dns problems,...
  10. the main administrator account taskbar keeps flashing and oscilating

    in Windows 10 Support
    the main administrator account taskbar keeps flashing and oscilating: I have 2 user accounts as previous before upgrading to win10, user account opens and works perfect, the main administrator account after logging in, the taskbar commences flashing and oscillating preventing me choosing i.e. Microsoft edge or chrome etc. 17072