MiShY 0 Posted August 8, 2000 Hey, I have just installed Win2kPro for the first time and I just read a security article - as follows - and I was wondering if someone could please detail to me how to implement this on my system. Like I said I am new to 2000 and infact all NT variants so if you can help please explain in total laymans terms so I can understand The article is as follows :::: "Rename Administrator Unlike other Accounts, the Administrator ID cannot be locked out. This means that people can try as many times as they like to crack this ID. To make this more difficult, rename your administrative account to something else. Make it very easy to remember, like "RealAdmin" or something similar. Next, I would recommend making a dummy Administrator account that has NO rights to anything, and giving it a log in script that writes the client machine's host name and IP address to a file whenever someone is able to log in using it, and then kicks the user off. To add a login script to the dummy administrators account, go to Console1 and the properties of the dummy account. Change it in the "Login Scripts" entry. A login script, in the most simple terms, is just a batch file that a user runs when they login. This can be as simple as connecting a few network drives to as complex as, well, let it suffice to say it can get really complex. If you want to make a login script that puts the IP address info of the person logging into your machine into a log file, you would use something like this. Let's name the file Login.CMD, and let's create it in notepad just like any other text file. Note that each new line below is prefaced with a bullet point, just so you can see where new lines begin in case the HTML formatting doesn't come out right): rem Make it so the person logging in doesnt see the script run @echo off Rem get the ipaddress of the local machine (along with some other settings, you can write another script to parse out just the ip address, but if they are NAT'ed or PAT'ed then the whole thing is a lot more useful) ipconfig >> \\<YourServer>\<SecureShare>\ipaddr.log rem Exit the command shell Exit" Thankyou for any help you may be able to offer me, MiShY Share this post Link to post
nagual 0 Posted August 8, 2000 first, before ill be bothered, tell me if your on a domain or not, if im not to tired (and therefore mistaken i dont think that u can implement this on just 1 standalone machine youll have to logon to a pdc/bdc to have logon scripts Share this post Link to post
MiShY 0 Posted August 8, 2000 Hey, Like I said I am totally new to win2k so thanks for your "understanding" response. I am on a stand-alone machine. Thanks for the advice, MiShY Share this post Link to post
MiShY 0 Posted August 8, 2000 Hey, Like I said I am totally new to win2k so thanks for your "understanding" response. I am on a stand-alone machine. Thanks for the advice, MiShY Share this post Link to post
Toby 0 Posted August 8, 2000 Hi. No problem in a making logon-scrips on a standalone Workstation. Just make a *.bat file like "test.bat" under \winnt\system32\repl\import\scripts you have to create the folders repl, import, spcripts. Now goto Users&Passwords in the ConrolPanel, select advanced properties for the user, type test.bat (in this case) in the Logon Script field. Do NOT use the full path.... If you lack the knowledge to write scrips, just search the net. Lots of help to find if you are willing to learn.... This is just to get you started... Good Luck.. // Toby Share this post Link to post
Toby 0 Posted August 8, 2000 Hi. No problem in a making logon-scrips on a standalone Workstation. Just make a *.bat file like "test.bat" under \winnt\system32\repl\import\scripts you have to create the folders repl, import, spcripts. Now goto Users&Passwords in the ConrolPanel, select advanced properties for the user, type test.bat (in this case) in the Logon Script field. Do NOT use the full path.... If you lack the knowledge to write scrips, just search the net. Lots of help to find if you are willing to learn.... This is just to get you started... Good Luck.. // Toby Share this post Link to post
CUViper 0 Posted August 8, 2000 to rename/add/remove users, right-click on 'my computer' and got to manage. under 'system tools' there is 'local users and groups'. in there, go to users, and you can rename your administrator account. Personally, I wouldn't mess around with the idea of a dummy account, but if you want to, start reading up on scripting! Share this post Link to post
