Renaming local administrator accounts - good or bad?

A lot of the time I hear the following statement: 'Renaming the local administrator account makes it secure'.

No, it doesn't. Renaming the local administrator account just leaves you with a renamed local administrator account. It only makes it secure from people who are too dumb to read SIDs, but adds very little in the overall scheme of security.

In Windows, the local administrator account, no matter what it is named, will always have a SID ending in -500. Guest is -501.

With that information and a couple of tools you can list out the local accounts, find the administrator and attack the account. Of course, if you have physical access to the hard drive and the drive doesn't use any form of encryption there are plenty of password reset tools out there.
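To see the same thing from the audit side, the following added example (not code from the original post) reports the built-in Administrator and Guest accounts by the last part of their SID, whatever they are currently named. It assumes Windows PowerShell 5.1 or later for `Get-LocalUser` and English default account names; the function name `Get-BuiltinAccountReport` is hypothetical.

```powershell
# Added example: identify the built-in accounts by SID suffix, not by name.
# Assumption: Windows PowerShell 5.1+ (Microsoft.PowerShell.LocalAccounts module).

# SID suffixes named on the page: -500 = local administrator, -501 = Guest.
# Assumption: the values are the English default names; localized installs differ.
$wellKnownSuffix = @{ '500' = 'Administrator'; '501' = 'Guest' }

function Get-BuiltinAccountReport {
    foreach ($user in Get-LocalUser) {
        $sid = $user.SID.Value

        # Account SIDs issued by the machine look like S-1-5-21-<a>-<b>-<c>-<RID>.
        if ($sid -notlike 'S-1-5-21-*') { continue }

        # The last dash-separated field is the part that never changes on rename.
        $suffix = $sid.Split('-')[-1]
        if (-not $wellKnownSuffix.ContainsKey($suffix)) { continue }

        $defaultName = $wellKnownSuffix[$suffix]
        [pscustomobject]@{
            BuiltinRole     = $defaultName
            CurrentName     = $user.Name
            Renamed         = $user.Name -ne $defaultName
            Enabled         = $user.Enabled
            PasswordLastSet = $user.PasswordLastSet
            LastLogon       = $user.LastLogon
            SID             = $sid
        }
    }
}

# One row per built-in account found on this machine.
Get-BuiltinAccountReport | Format-Table -AutoSize
```

A row with `Renamed` set to `True` still shows up here, which is the point of the post: the rename changes the `CurrentName` column and nothing else.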

IT Person | Veeam Vanguard | VMware vExpert | Windows admin | Docker fan | Spiceworks moderator | keeper of 3 cats | Avid Tea fan