How to Disable the Administrator Account

Windows Server 2003 makes it possible to disable the powerful Administrator account, which can help slow down or deter potential hackers. In this Windows Server 2003 tip, Scott Lowe discusses some things to consider before taking this step, and he tells you how to disable the account.

When reading through guides about how to harden earlier versions of Windows, one of the recommended courses of action is to rename the Administrator account to slow down potential hackers. In Windows Server 2003, you can take it one step further by actually disabling the Administrator account. But before you take this step, you should first consider the ramifications.

You need to have an administrator-equivalent account to perform all of the legitimate security and maintenance functions that the original made possible. Before you disable the Administrator account, make sure you create another account to act in this capacity and assign the permissions that it will need to carry out the duties of the Administrator account.

Disabling the Administrator account will very likely confuse would-be hackers. The Administrator account is an account that hackers know exists.

If you simply rename the account, they'll just look for it when they see that there's no account named Administrator. While it might not deter experienced, determined hackers, it will probably slow them down and might serve to completely deter a casual attack.

To disable the Windows Server 2003 Administrator account, follow these steps:

1. Open Control Panel, select Administrative Tools, and select Computer Management.
2. Select Local Users And Groups in the console tree, and click Users.
3. In the Details pane, right-click Administrator, and select Properties.
4. In the Administrator Properties dialog box, select the General tab, select the Accounts Disabled check box, and click OK.
5. In the Details pane, right-click Administrator, and click Rename.
6. Type a new username, and press [Enter].