Increasing security on AD domain member servers
Hello experts, I am sure there is a lot of buzz around here regarding to this topic, but here comes the question anyway: Would you recommend disabling the local Administrator accunt (along with any other local account with administrative rights if exists) on a domain member 2008 server after it has joined an A domain to increase security, thus relying only on AD authentication and policies ? Do I have to take into consideration any drawbacks along with a possible AD outage ? Thank you very much for your support. Massimiliano
May 27th, 2010 12:25am
Hi, It’s OK to disable local administrator account. If there is an AD outage, to log on to Windows by using the disabled local Administrator account, start Windows in Safe mode. Even when the Administrator account is disabled, you are not prevented from logging on as Administrator in Safe mode. When you have logged on successfully in Safe mode, re-enable the Administrator account, and then log on again. Thanks.This posting is provided "AS IS" with no warranties, and confers no rights.
June 2nd, 2010 10:50am