【原创-节译】windows系统中本地administrator帐号的安全

时间:2022-12-07 13:59:51


purpleendurer注:
英文原文见:​​​http://techrepublic.com.com/5100-1009_11-5692378.html?tag=nl.e102​

这里只翻译其中具体操作的部分

Secure the local administrator account in Windows
windows系统中本地管理员帐号的安全

by  Michael Mullins CCNA, MCP

Takeaway:
Did you know the Windows local administrator account is the only access someone needs to completely wreak havoc on your network? Locking down this account can go a long way toward securing your corporate systems. Mike Mullins offers some quick ways to better protect the local administrator account. 
你是否知道,对于一个想发泄地破坏你的网络的人来说,获取windows系统中本地dministrator帐号是他惟一的机会。
锁定这个帐号可以使你的公司系统安全前进一大步。
迈克.马林斯提供了一些快捷的方法来更好的保护本地administrator 帐号。


Secure the administrator account in Windows 2000Windows 2000中的administrator帐号安全
 
Windows 2000 doesn't allow you to disable the administrator account. However, you can take steps to provide almost the same level of security as turning off this account. Follow these steps:
Windows 2000不允许禁用administrator帐号。然而,你可以采用一些步骤达到与关闭这个帐号同样的效果。具体步骤:

Log on either as administrator or as a user with administrator permissions.
以其他管理员帐号或者具有管理员权限的用户帐号登录。

Go to Start | Programs | Administrative Tools | Local Security Policy.
开始--》程序--》管理工具--》本地安全策略

In the Local Security Settings console, expand Local Policies, and select User Rights Assignment.
在本地安全策略设置控制台, 展开本地策略,选择用户权限指派

Double-click Deny Access To This Computer From The Network.
双击拒绝从网络访问这台计算机

In the Security Policy Setting dialog box, click Add.
在安全策略设置对话框中, 点击添加。

In the Select Users Or Groups dialog box, select the administrator account, and click Add.
在选择用户或用户组对话框中, 选择administrator帐号,点击添加.

Click OK twice, and close the Local Security Settings console.
点击两次确认,关闭本地安全策略设置控制台。

Reboot the machine for the change to take effect.
重新启动计算机以使改变生效

Disable the administrator account in Windows XP and Windows Server 2003
禁用Windows XP和2003中的administrator帐号

To disable the local administrator account, follow these steps:
按照以下步骤禁用本地administrator帐号

Log on either as administrator or as a user with administrator permissions.
以其他管理员帐号或者具有管理员权限的用户帐号登录。

Right-click My Computer, and select Manage.
右击我的电脑图标, 从弹出的菜单中选择管理

Expand Local Users And Groups, and select Users.
展开本地用户和用户组, 选择用户。

Double-click Administrator.
双击Administrator

Select the Account Is Disabled check box, and click OK.
选定禁用此帐号选择框, 点击确认。

Close the Computer Management console. The change will take effect after you log off the computer.
Final thoughts
关闭计算机管理控制台。
改变将在注销后生效。