|
Renaming the local admin account is only useful if somebody has no possibility to bypass the "enter username/password" dialog and would need to guess both. If a user can log in with a local or domain account, he can list all local accounts of the computer he's working on. There is no way to prevent that.
If two computers have a local account with the same username/password combination and one of them accesses the other over the network Windows will test the current login credentials before even asking username/password for the remote computer. There are some small annoyances like losing your elevation status when you access remote network shares from an admin account, but since you have admin rights you can just elevate again.
So if all computers share the same admin username/password, of course anybody who knows that information can log in on those computers.
Accessing "network folders" is of course something else. A local admin has only local rights. Unless you have important data stored on workstations or use the same username/password for the domain admin, accessing server data will only work with a valid domain account.
A bad person could use the local admin to install some spyware which waits until a user with valid domain credentials logs in and access server data that way.
I really hope you are just a concerned employee and not the person responsible for the security of the network. ;-)
|
05-10-2017, 16:49
Similar Threads
Hybrid Mode
