Web lists-archives.com

Re: [Samba] rename Administrator account




Am 17.03.2017 um 15:52 schrieb Bart Coninckx via samba:
Renaming the admin account in Windows server context is a
popular measure to make the network more safe.

Can we do this also in Samba 4? Are there any negative consequences?

Sure you can rename it. Being a member of the right groups decite what an account can do.

However, I don't understand how renaming the admin account improves the security. For example, every domain user can easily find out who is a member of the "Domain Admins" group:

> dsquery group -name "Domain Admins" | dsget group -members
"CN=DomAdm,CN=Users,DC=samdom,DC=example,DC=com"

Regards,
Marc


PS. By the way talking about "Samba 4" can be misleading. It's better if you use the terms "Samba AD", "Samba NT4 domain", "Samba standalone server", "Samba domain member", etc. depending on what you are talking about. Samba 4 can act as all of them.


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba