Administrator Account Security
We all know that the Administrator account is essentially the god of the Windows Server environment. With it, you can do absolutely anything - both for harm and for good. Logically, then, anyone trying to break into the deep dark recesses of your network is going to view that Adminstrator account as their golden ticket. If you wanted something to stay hidden, would you give a malicious stranger half of the map to finding it? Of course not! Likewise, letting them know the Username of your Administrator account is giving up half of the puzzle. You need to rename that Administrator account, and then only use it when absolutely necessary. You also need to ensure that when you log off of a station that that username is not still sitting in the first field of the login box, like Windows has a habit of allowing. Both of these things can be set in the Security Options group policy.
Access the Security Options from:
Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options
Enable Accounts: Rename Administrator Account then rename it to something of your choice that is, preferably, very difficult to guess.
Enable Interactive Logon: Do Not Display Last User Name to ensure that every logon screen is entirely blank. You do not want any malicious persons to have half the combination to the safe.
There are literally hundreds of other possible group policies, but these and the two discussed in the second article of this series will go a long way to keeping your network both safe and functional. If you are unsure about a policy, do not enable it. Additionally, leaving the majority of the low-priority policies set to "undefined" will ensure that your network stays at a high efficiency and that users do not feel bogged down by too much pointless restriction. In our next article we will discuss how to assign Group Policies to groups (and what those groups are).