info
Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
[Samba] rename Administrator account
37 views
Skip to first unread message
Bart Coninckx via samba
Mar 17, 2017, 11:00:02 AM3/17/17
to
Hi all,
Renaming the admin account in Windows server context is a popular measure to make the network more safe.
Can we do this also in Samba 4? Are there any negative consequences?
Met Vriendelijke Groet,
Kind Regards,
Salutations,
Bart Coninckx
Bits 'n Tricks BVBA
Hoge Mierdse Heide 182
2360 Oud-Turnhout
tel. +32 14 480 820
gsm +32 478 88 33 08
in...@bitsandtricks.com
http://www.bitsandtricks.com
BTW: BE0817.401.875
Crelan BE46 8601 0806 3436
Voor onze Algemene Voorwaarden, zie: http://www.bitsandtricks.com/index.php/contact/algemene-voorwaarden
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Renaming the admin account in Windows server context is a popular measure to make the network more safe.
Can we do this also in Samba 4? Are there any negative consequences?
Met Vriendelijke Groet,
Kind Regards,
Salutations,
Bart Coninckx
Bits 'n Tricks BVBA
Hoge Mierdse Heide 182
2360 Oud-Turnhout
tel. +32 14 480 820
gsm +32 478 88 33 08
in...@bitsandtricks.com
http://www.bitsandtricks.com
BTW: BE0817.401.875
Crelan BE46 8601 0806 3436
Voor onze Algemene Voorwaarden, zie: http://www.bitsandtricks.com/index.php/contact/algemene-voorwaarden
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Marc Muehlfeld via samba
Mar 18, 2017, 10:30:03 AM3/18/17
to
Am 17.03.2017 um 15:52 schrieb Bart Coninckx via samba:
> Renaming the admin account in Windows server context is a
> popular measure to make the network more safe.
>
> Can we do this also in Samba 4? Are there any negative consequences?
Sure you can rename it. Being a member of the right groups decite what
> Renaming the admin account in Windows server context is a
> popular measure to make the network more safe.
>
> Can we do this also in Samba 4? Are there any negative consequences?
an account can do.
However, I don't understand how renaming the admin account improves the
security. For example, every domain user can easily find out who is a
member of the "Domain Admins" group:
> dsquery group -name "Domain Admins" | dsget group -members
"CN=DomAdm,CN=Users,DC=samdom,DC=example,DC=com"
Regards,
Marc
PS. By the way talking about "Samba 4" can be misleading. It's better if
you use the terms "Samba AD", "Samba NT4 domain", "Samba standalone
server", "Samba domain member", etc. depending on what you are talking
about. Samba 4 can act as all of them.
Bart Coninckx via samba
Mar 21, 2017, 11:40:03 AM3/21/17
to
>Sure you can rename it. Being a member of the right groups decite what
>an account can do.
>However, I don't understand how renaming the admin account improves the
>security. For example, every domain user can easily find out who is a
>member of the "Domain Admins" group:
>> dsquery group -name "Domain Admins" | dsget group -members
"CN=DomAdm,CN=Users,DC=samdom,DC=example,DC=com"
>Regards,
>Marc
Hi Marc,
>an account can do.
>However, I don't understand how renaming the admin account improves the
>security. For example, every domain user can easily find out who is a
>member of the "Domain Admins" group:
>> dsquery group -name "Domain Admins" | dsget group -members
"CN=DomAdm,CN=Users,DC=samdom,DC=example,DC=com"
>Regards,
>Marc
I agree that is not the holy grail of security, but as an average user is not able to do a dsquery, it has some added value.
My customer asked me this, so I now I can tell him that it its possible,
cheers,
BC
0 new messages