What is a common best practise when it comes to Active Directory "administrator" account?Should be deleted or renamed and disabled?paddy ryan

Renaming should be all you need to do with a strong password associated with it. I would not delete it.Mark Morowczynski|MCT| MCSE 2003:Messaging, Security|MCITP:ES, SA,EA|MCTS:Windows Mobile Admin|Security+|http://almostdailytech.com

Hi paddy, Besides renaming the default Administrator account, you can also create a decoy Administrator Account. Please refer to the "Protecting the Administrator Account" section in the following article: Securing Active Directory Administrative Groups and Accounts http://technet.microsoft.com/en-us/library/cc700835.aspx Meanwhile, there are some other basic steps you can take to protect the Administrator account, such as "Reset the description" and "Configure a complex password for the account". Please refer to: Protecting the Administrator Account http://www.windowsecurity.com/articles/Protecting-Administrator-Account.html Regards, Bruce