Secure Windows Server 2003 Built-in Accounts After the installation of Microsoft® Windows® Server 2003, the built-in accounts Administrator and Guest exist on the Web server. In some instances, potential attackers can exploit these well known accounts unless they are renamed or disabled. The Administrator account can be renamed, but cannot be disabled. The Guest account can be renamed and disabled. To help prevent potential attackers from exploiting these accounts, do the following:
Requirements
Recommendation As a security best practice, log on to your computer using an account that is not in the Administrators group, and then use the Run as command to run IIS Manager as an administrator. At the command prompt, type runas /user:administrative_accountname mmc %systemroot%\system32\inetsrv\iis.msc. Procedures
|