Wednesday, December 07, 2005

Disabling the Local Administrator Account

To help protect your computer you might want to consider disabling the local Administrator account in Windows XP. Since most systems have a local account named Administrator which has administrative privileges on your computer, which means it can do just about anything. This makes its really easy target for an attacker, because they know which account to go after to take over your system.

By disabling this account, you can increase the security of your computer, and make it more difficult for an attacker to guess which account has administrative privileges. Although, you have to make sure that you have another account which has administrative privileges on your system before disabling the original Administrator account, or you will lock yourself out of your computer.

To disable the administrator account:
  • Log on to your system with an account that has administrator privileges (such as the Administrator account).
  • In the Start menu, right-click 'My Computer' and select Manage.
  • In the Computer Management console, in the left console pane, expand the 'Local Users and Groups' node.
  • Click on Users, in the right details pane, double-click Administrator.
  • In the open properties Dialog, in the General tab, select 'Account is Disabled'.
  • Press the OK button, then close the Computer Management console.

Note: This change will take effect after you log off, then log on again.

1 comment:

Stacey said...

Like so many things, this unfortunately doesn't seem to work in XP Home edition. From http://support.microsoft.com/default.aspx?scid=kb;en-us;304040 : "In Windows XP Home Edition, the Computer Management snap-in does not display the Local Users and Groups node. The Local Users and Groups snap-in cannot be added to a custom snap-in. This behavior is a limitation of Windows XP Home Edition. It is not caused by Simple File Sharing."

I wonder if there's some other way to accomplish this in XP home. The MS Baseline Security Analyzer insists that I have an account called Administrator on this system, though inexplicably I can't log in using that name and can't see it listed in the User Accounts control panel applet...