[Samba] Disabling or deleting domain "Administrator" account
Andrew Bartlett
abartlet at samba.org
Mon Jun 17 05:10:36 UTC 2019
On Mon, 2019-06-17 at 01:01 -0400, Jonathon Reinhart via samba wrote:
> Hello,
>
> A client is asking about disabling, deleting or renaming the domain
> "Administrator" account on a Samba AD. I've seen this done on Windows
> AD domains for security purposes.
>
> Assuming the risk of being locked-out is mitigated (i.e. an equivalent
> user is created and is a member of the same groups), is there any
> reason this can't be done on a Samba AD as well?
Much less than on windows, because root can always edit the DB to put
it back.
> Is the "Administrator" account used for anything "special" that would
> cause problems if the account were disabled, deleted, or renamed?
Don't delete it. It should be fine to disable it and set a randompassword.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba
mailing list