[Samba] Disabling or deleting domain "Administrator" account
Denis Cardon
dcardon at tranquil.it
Mon Jun 17 09:32:57 UTC 2019
Hi Jonathon,
>
> A client is asking about disabling, deleting or renaming the domain
> "Administrator" account on a Samba AD. I've seen this done on Windows
> AD domains for security purposes.
administrator account is not nominative, and as such should not be used.
So disabling it and creating personal domain admin (for example
jdoe-adadm, different from the delegated admin account jdoe-adm, and
different from the personal account jdoe) is recommended.
> Assuming the risk of being locked-out is mitigated (i.e. an equivalent
> user is created and is a member of the same groups), is there any
> reason this can't be done on a Samba AD as well?
like Andrew was saying, Samba-AD has an advantage here in the sense that
Samba is just a service above your Linux OS (or whatever OS you are
using). So if you need to re-enable it at some point, you can always ssh
to the box and re-enable it.
Cheers,
Denis
>
> Is the "Administrator" account used for anything "special" that would
> cause problems if the account were disabled, deleted, or renamed?
>
> Thank you,
> Jonathon Reinhart
>
--
Denis Cardon
Tranquil IT
12 avenue Jules Verne (Bat. A)
44230 Saint Sébastien sur Loire (FRANCE)
tel : +33 (0) 240 975 755
http://www.tranquil.it
Tranquil IT recrute! https://www.tranquil.it/nous-rejoindre/
Samba install wiki for Frenchies : https://dev.tranquil.it
WAPT, software deployment made easy : https://wapt.fr
More information about the samba
mailing list