Article ID: 320053
Article Last Modified on 11/1/2006
APPLIES TO
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Advanced Server
This article was previously published under Q320053
IN THIS TASK
SUMMARY
This step-by-step article describes how to change the administrator account and guest account names by using Group Policy.
In some cases, you may want to change the name of the administrator or guest user accounts to minimize the risk of attempted misuse of these accounts.
back to the top
Create a Group Policy Object
To create a Group Policy Object (GPO) with which to change the administrator and guest account names:
- Start the Active Directory Users and Computers snap-in. To do so, click Start, point to Programs, point to Administrative Tools, and then click Active Directory Users and Computers.
- In the console tree, right-click your domain or the organizational unit in which you want to create the group policy, and then click Properties.
- Click the Group Policy tab, and then click New.
- Type the name that you want to call this policy (for example, Rename Administrator and Guest accounts), and then press ENTER.
- Click Close.
Rename the Administrator and Guest Accounts
- Start the Active Directory Users and Computers snap-in.
- In the console tree, right-click your domain or the organizational unit that contains the group policy that you want, and then click Properties.
- Click the Group Policy tab, select the group policy object that you want, and then click Edit.
- Expand Computer Configuration, expand Windows Settings, expand Security Settings, expand Local Policies, and then click Security Options.
- In the right pane of the Group Policy snap-in, double-click Rename administrator account.
- Click to select the Define this policy setting check box, and then type the name to which you want to rename the Administrator account.
- Click OK.
- Double-click Rename guest account.
- Click to select the Define this policy setting check box, and then type the name to which you want to rename the guest account.
- Click OK, and then quit the Group Policy snap-in.
- Click OK, and then quit the Active Directory Users and Computers snap-in.
Troubleshooting
You may notice that if you attempt to reverse the changes to the administrator or guest account names by clearing the Define this policy setting check box in the Rename guest account or Rename administrator account dialog boxes, you are unable to log on to the domain by using the default user account names. To resolve this issue, use group policy to restore the default account names, and then clear the Define this policy setting check box. To do so:
- Start the Active Directory Users and Computers snap-in.
- In the console tree, right-click your domain or the organizational unit that contains the group policy that you want, and then click Properties.
- Click the Group Policy tab, select the group policy object that you want, and then click Edit.
- Expand Computer Configuration, expand Windows Settings, expand Security Settings, expand Local Policies, and then click Security Options.
- In the right pane of the Group Policy snap-in, double-click Rename administrator account.
- Click to select the Define this policy setting check box, and then type Administrator.
- Click OK.
- Double-click Rename guest account.
- Click to select the Define this policy setting check box, and then type Guest.
- Click OK, and then quit the Group Policy snap-in.
- Click OK, and then quit the Active Directory Users and Computers snap-in.
- Click Start, click Run, type cmd in the Open box, and then click OK.
- At the command prompt, type the following, and then press ENTER:
secedit /refreshpolicy machine_policy
- Type exit, and then press ENTER to quit the command prompt.
- Start the Active Directory Users and Computers snap-in.
- In the console tree, right-click your domain or the organizational unit that contains the group policy that you want, and then click Properties.
- Click the Group Policy tab, select the group policy object that you want, and then click Edit.
- Expand Computer Configuration, expand Windows Settings, expand Security Settings, expand Local Policies, and then click Security Options.
- In the right pane of the Group Policy snap-in, double-click Rename administrator account.
- Click to clear the Define this policy setting check box, and then click OK.
- Double-click Rename guest account.
- Click to clear the Define this policy setting check box, click OK, and then quit the Group Policy snap-in.
- Click OK, and then quit the Active Directory Users and Computers snap-in.
REFERENCES
For additional information about group policy application rules for domain controllers, click the article number below to view the article in the Microsoft Knowledge Base:
259576 Group Policy Application Rules for Domain Controllers
For more information about Group Policy, see the "Windows 2000 Group Policy" white paper at the following Microsoft Web site:
Keywords: kbhowto kbhowtomaster KB320053