Posted by Roger Abell [MVP] on November 30, 2005, 10:18 pm
I would really need to set up a test on this, but off the top it
sounds like you named the account by use of the rename
policy in the LSP, not by the local user manager, prior to the
joining to the first domain. So, when the machine goes out
of management scope of the AD based GPOs the account
has its name set to that specified in the LSP.

When you say you see the current name, as defined in the
AD based GPO, when you look in the LSP, this I am taking
as your seeing the effective policy value (from AD GPO).

Unless I am recalling incorrectly the rename is a real rename
and it would persist when a machine goes out of scope of
management by a GPO, so it must be that another (i.e. the
LSP) policy is then changing it.

So, you could try defining a security template with the one
setting to rename the account to the desired value and then
apply this with secedit. The idea is that this will adjust the
local value stored in the security.sdb, but the AD based GPO
setting will still be effective. Then, when the machine goes
out of scope of the GPO the newly set local value should be
applied.
--
Roger Abell
Microsoft MVP (Windows Server : Security)
> We are moving XP boxes from DOMAINA to DOMAINB.
>
> When we initially built the machines, we renamed the local admin
> account from administrator to "local.a".
>
> Instead of renaming them manually when joining the new DOMAINB, we
> created and applied a GPO that renames the local admin account to
> "local.b".
>
> Our dilemma is that when we unjoin from new DOMAINB, local admin
> account name reverts from "local.b" to "local.a".
>
> The only solution I can think of is to ensure that we change the names
> manually before joining it to the new DOMAINB.
>
> Any suggestions to avoid having to do this manually? If you look at
> Local Security Policy settings, it has the correct name of "local.b",
> but if you unjoin from domain to workgroup, Local Security Policy even
> reverts back to "local.a".
>
> Where is the WORKGROUP LSP stored? Can we modify those stored settings
> while the machine is in the DOMAINB?
>
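
The template-plus-secedit approach suggested in the reply, written out as an added example (not part of the original posts). The file names, the scratch database path and the log path are assumptions; "local.b" is the name from the question. Whether the locally stored value then survives leaving the domain is what the reply proposes to test.

```bat
@echo off
rem Added example: one-setting security template applied with secedit.
rem Run from an administrator command prompt on the XP machine.
rem All paths below are assumptions chosen for illustration.
setlocal
set "TEMPLATE=%TEMP%\rename-admin.inf"
set "SCRATCHDB=%TEMP%\rename-admin.sdb"
set "LOGFILE=%TEMP%\rename-admin.log"

rem Build a template that carries only the administrator rename setting.
(
  echo [Unicode]
  echo Unicode=yes
  echo [Version]
  echo signature="$CHICAGO$"
  echo Revision=1
  echo [System Access]
  echo NewAdministratorName = "local.b"
) > "%TEMPLATE%"

rem Start from an empty working database so only this template is applied.
if exist "%SCRATCHDB%" del "%SCRATCHDB%"

rem Apply the template; SECURITYPOLICY is the area that holds [System Access].
secedit /configure /db "%SCRATCHDB%" /cfg "%TEMPLATE%" /areas SECURITYPOLICY /quiet /log "%LOGFILE%"
if errorlevel 1 (
  echo secedit /configure failed, see %LOGFILE%
  exit /b 1
)

rem Export the locally stored settings and the merged domain+local settings
rem so the two values of NewAdministratorName can be compared.
secedit /export /cfg "%TEMP%\local-only.inf" /areas SECURITYPOLICY /quiet
secedit /export /mergedpolicy /cfg "%TEMP%\merged.inf" /areas SECURITYPOLICY /quiet

rem The exported files are Unicode; pipe through "type" so findstr can read them.
echo Local stored value:
type "%TEMP%\local-only.inf" | findstr /i "NewAdministratorName"
echo Merged domain and local value:
type "%TEMP%\merged.inf" | findstr /i "NewAdministratorName"
endlocal
```

Comparing the two exported values before unjoining a test machine shows whether the local setting took, without waiting for the rename to revert.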