Microsoft KB Archive/320053

From BetaArchive Wiki

Article ID: 320053

Article Last Modified on 11/1/2006


APPLIES TO

  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server


This article was previously published under Q320053


IN THIS TASK

SUMMARY

REFERENCES

SUMMARY

This step-by-step article describes how to change the administrator account and guest account names by using Group Policy.

In some cases, you may want to change the name of the administrator or guest user accounts to minimize the risk of attempted misuse of these accounts.

back to the top

Create a Group Policy Object

To create a Group Policy Object (GPO) with which to change the administrator and guest account names:

  1. Start the Active Directory Users and Computers snap-in. To do so, click Start, point to Programs, point to Administrative Tools, and then click Active Directory Users and Computers.
  2. In the console tree, right-click your domain or the organizational unit in which you want to create the group policy, and then click Properties.
  3. Click the Group Policy tab, and then click New.
  4. Type the name that you want to call this policy (for example, Rename Administrator and Guest accounts), and then press ENTER.
  5. Click Close.

back to the top

Rename the Administrator and Guest Accounts

  1. Start the Active Directory Users and Computers snap-in.
  2. In the console tree, right-click your domain or the organizational unit that contains the group policy that you want, and then click Properties.
  3. Click the Group Policy tab, select the group policy object that you want, and then click Edit.
  4. Expand Computer Configuration, expand Windows Settings, expand Security Settings, expand Local Policies, and then click Security Options.
  5. In the right pane of the Group Policy snap-in, double-click Rename administrator account.
  6. Click to select the Define this policy setting check box, and then type the name to which you want to rename the Administrator account.
  7. Click OK.
  8. Double-click Rename guest account.
  9. Click to select the Define this policy setting check box, and then type the name to which you want to rename the guest account.
  10. Click OK, and then quit the Group Policy snap-in.
  11. Click OK, and then quit the Active Directory Users and Computers snap-in.

back to the top

Troubleshooting

You may notice that if you attempt to reverse the changes to the administrator or guest account names by clearing the Define this policy setting check box in the Rename guest account or Rename administrator account dialog boxes, you are unable to log on to the domain by using the default user account names. To resolve this issue, use group policy to restore the default account names, and then clear the Define this policy setting check box. To do so:

  1. Start the Active Directory Users and Computers snap-in.
  2. In the console tree, right-click your domain or the organizational unit that contains the group policy that you want, and then click Properties.
  3. Click the Group Policy tab, select the group policy object that you want, and then click Edit.
  4. Expand Computer Configuration, expand Windows Settings, expand Security Settings, expand Local Policies, and then click Security Options.
  5. In the right pane of the Group Policy snap-in, double-click Rename administrator account.
  6. Click to select the Define this policy setting check box, and then type Administrator.
  7. Click OK.
  8. Double-click Rename guest account.
  9. Click to select the Define this policy setting check box, and then type Guest.
  10. Click OK, and then quit the Group Policy snap-in.
  11. Click OK, and then quit the Active Directory Users and Computers snap-in.
  12. Click Start, click Run, type cmd in the Open box, and then click OK.
  13. At the command prompt, type the following, and then press ENTER:

    secedit /refreshpolicy machine_policy

    NOTE: There is an underscore character (_) between machine and policy in the preceeding command.
  14. Type exit, and then press ENTER to quit the command prompt.
  15. Start the Active Directory Users and Computers snap-in.
  16. In the console tree, right-click your domain or the organizational unit that contains the group policy that you want, and then click Properties.
  17. Click the Group Policy tab, select the group policy object that you want, and then click Edit.
  18. Expand Computer Configuration, expand Windows Settings, expand Security Settings, expand Local Policies, and then click Security Options.
  19. In the right pane of the Group Policy snap-in, double-click Rename administrator account.
  20. Click to clear the Define this policy setting check box, and then click OK.
  21. Double-click Rename guest account.
  22. Click to clear the Define this policy setting check box, click OK, and then quit the Group Policy snap-in.
  23. Click OK, and then quit the Active Directory Users and Computers snap-in.

back to the top

REFERENCES

For additional information about group policy application rules for domain controllers, click the article number below to view the article in the Microsoft Knowledge Base:

259576 Group Policy Application Rules for Domain Controllers


For more information about Group Policy, see the "Windows 2000 Group Policy" white paper at the following Microsoft Web site:

http://www.microsoft.com/windows2000/docs/grouppolwp.doc


back to the top

Keywords: kbhowto kbhowtomaster KB320053



Send feedback to Microsoft

© Microsoft Corporation. All rights reserved.


Retrieved from ‘https://www.betaarchive.com/wiki/index.php?title=Microsoft_KB_Archive/320053&oldid=176366
the Creative Commons 3.0 ShareAlike (except the Microsoft KB Archive).
Powered by MediaWiki