Newsletter Archives

• The problem with local administrator accounts

  Posted on April 24, 2023 at 02:45 CDT by Susan Bradley • Comment in the Forums

  

  ISSUE 20.17 • 2023-04-24

  Look for our BONUS issue on Monday, May 1, 2023!

  ON SECURITY

  

  By Susan Bradley

  Microsoft doesn’t want you to use a local administrator account, whether in a consumer or a business edition of Windows.

  But depending upon which sort of user you are, the company is taking two different approaches to “encourage” you to stop using local accounts.

  Read the full story in our Plus Newsletter (20.17.0, 2023-04-24).
  This story also appears in our public Newsletter.

  On Security Administrator account, LAPS, Local account, Local administrator account, Microsoft Account, Newsletters, Patch Lady Posts

• Brute force vs. local admins

  Posted on October 24, 2022 at 02:42 CDT by Susan Bradley • Comment in the Forums

  ON SECURITY

  

  By Susan Bradley

  Microsoft recently added new protections to ensure that ransomware operators can’t use a brute-force attack to discover the Local Administrator account’s password.

  The company introduced a new policy that provides “account lockouts for Administrator accounts.” Beginning with the October 11, 2022, or later Windows cumulative updates, a local policy will be available to enable Local Administrator account lockouts. As described in “Account lockout available for Local Administrators” (KB5020282), the capability is available for almost all versions of Windows dating back to Windows 7 and Server 2008.

  Read the full story in our Plus Newsletter (19.43.0, 2022-10-24).

  On Security Administrator account, Brute-force cracking, Local account, Newsletters, On Security, Patch Lady Posts

• Getting rid of local administrators

  Posted on June 21, 2021 at 02:41 CDT by Susan Bradley • Comment in the Forums

  ON SECURITY

  

  By Susan Bradley

  Administrator rights are easy to set up but hard to remove.

  Once upon a time, we always configured Windows computers with full administrative rights. We thought nothing of it; it was an expected and a normal part of getting a computer system ready to go. We took being an administrator for granted because we needed to install software and run programs that required administrator rights.

  Then people — attackers — began to realize that user accounts with administrative rights were the keys to the kingdom, making it easier for them to gain access to a system and do their dirty deeds.

  Read the full story in the AskWoody Plus Newsletter 18.23.0 (2021-06-21).

  AskWoody Plus Newsletter, On Security Administrator account, AskWoody Plus Newsletter, Patch Lady Posts, Security, Standard account, Windows

• Upgrading from Win10 1803 to 1809 may break the built-in “Administrator” account, but you probably aren’t affected

  Posted on January 2, 2019 at 10:43 CST by woody • Comment in the Forums

  Two good reports over the weekend about a newly-acknowledged bug in the Win10 1809 upgrade sequence.

  Günter Born: Windows 10 V1809: Upgrade deactivates Build-In Administrator

  Martin Brinkmann: Windows 10 version 1809 upgrade could invalidate Administrator account

  Both articles describe a Japanese TechNet “Network & AD support team” official post that describes how upgrading from 1803 to 1809 may “invalidate” the built-in account called “Administrator.”

  Ends up, there’s very little chance that your system will get bit by the bug, unless you have  manually activated the built-in account called “Administrator.” It’s an elusive beast.

  When you set up a new PC, the installation sequence prompts you to create an administrator account — you probably have one with your name (or the name of the person who set up your machine, or the PC manufacturer’s name) on it. That account has all of the normal “administrator” level permissions.

  At the same time, the installation sequence automatically creates a second account, called “Administrator,” that has all permissions. But the installer hides that account by default.

  Few people enable the account called “Administrator.” It’s considered a security risk — for good reason. You can invoke the genie by playing with a Group Policy, modifying the Computer Management/Local Users and Groups/Users setting, or by a command line. No, I won’t show you how to do it.

  If you’ve never enabled the “Administrator” account, you don’t need to worry about the bug. If you have enabled the “Administrator” account, do yourself a favor and disable it.

  If the only account on your PC with administrator privileges is the one called “Administrator,” the upgrade should go through without killing it, according to the MS Japan post.

  Windows Patches/Security Administrator account, Win10 1809 bugs