On 3 Sep 2005 at 14:19, David wrote:
> I am running Windows 2000. Out of the box, of course, it had an
> administrator account called, of all things, Administrator. For
> security reasons I changed its name to, let's say, George. I also
> created a regular user account which I use for everyday purposes.
Using a regular account for everyday purposes is a good idea. Renaming
the Administrator account doesn't achieve much, though, unless you also
enable the security policy entry that limits anonymous sessions, and even
then the protection is incomplete.
In the NT family of Windows versions -- NT, 2000, XP/2003 -- each account
has a name and an SID (Security ID), and the SID is what matters. So any
hacker or piece of malware that can browse the list of accounts can ignore
what the accaount is named and just look for the one whose SID proclaims "I
am THE Administrator account".
In NT and 2000, by default anyone that can make a network connection to
the machine can, by default, check out the list of accounts, and you have to
disable that explicitly. With XP, the attacker has to be running on a
logged-in account to get to that info -- usually true of a virus, but harder
for an Internet hacker to achieve.
David Gillett
PCBUILD maintains hundreds of useful files for download
visit our download web page at:
http://freepctech.com/downloads.shtml
|