Windows Administrator Accounts Guideline
This document contains the following sections:
- Applies to
- Purpose of the Guideline
- Definition / Clarification
- Guideline Statement
- User Responsibilities and Procedures
- Revision History
This document describes the guidelines that Computing Services has developed to ensure secure use of Windows operating system accounts with administrator or privileged access rights.
Windows Operating System accounts on any computer, device or application that has administrator or privileged access rights.
Carnegie Mellon Computing Policy establishes a general policy for the use of computing, telephone and information resources. The purpose of this guideline is to establish acceptable practices that support the policy as it applies to Windows Administrator Accounts.
Furthermore, the purpose of this guideline is to introduce effective practices aimed at reducing the opportunity for intruders to gain access to privileged accounts, reducing the occurrence of stealth installations of unwanted and/or malicious software, improving the security and manageability of privileged accounts when shared within workgroups, and limiting the use of privileged accounts according to the principle of least privilege.
For most purposes (e.g., day-to-day user activity), the administrator account is not required to perform the task at hand.
Principle of Least Privilege – States that all users should log on with a user account that has the absolute minimum permissions necessary to complete the current task.
Steps to take:
- Immediately change the “Administrator” account password that comes by default with any Windows system. The password should meet approved Password Guidelines.
- When creating new accounts with administrator privilege, avoid account names that identify the level of assigned privilege, like “_admin”, “super_user”, “sysadmin”, etc.
- Apply the principle of least privilege to all accounts. Therefore, for normal, day-to-day computing usage that does not require administrator privilege, log in to accounts with “limited” privilege only.
- Limit who has access to accounts with administrator privilege. If access is warranted, limit the scope of access to only authorized computers.
- Audit all administrator logon/logoff events, failed logon attempts and review event logs for unexpected password changes on administrator accounts. Promptly investigate unexpected or unusual findings.
- Do not include account names and passwords in script files (or any unencrypted file). For instance, on Windows Systems, use the “RunAs” command to launch system scripts.
- Consider changing administrator passwords remotely from a known secured machine to avoid the potential for “keyloggers” on a compromised computer.
- Consider disabling SAM enumeration. SAM enumeration is the ability to list all account names and SIDs on a given machine. To disable SAM enumeration, edit the local GPO for an individual machine or edit one of the domain GPOs for networked machines.
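The following PowerShell is an added example, not part of the original guideline, showing one way to carry out the audit step in the list above: it pulls logon, logoff, failed-logon and password-change events for local administrator accounts from the Security log. It assumes the event IDs used by Windows Vista / Server 2008 and later, that auditing of logon, logoff and user account management events is enabled, that "administrator" means a direct user member of the local Administrators group, and a 24-hour review window.

```powershell
# Added example: review Security-log events that involve administrator accounts.
# Run from an elevated PowerShell prompt. The 24-hour window is an assumed value.
$since = (Get-Date).AddDays(-1)

# Event IDs (Windows Vista / Server 2008 and later) and what each one records
$ids = @{
    4624 = 'Logon'
    4625 = 'Failed logon'
    4634 = 'Logoff'
    4647 = 'User-initiated logoff'
    4723 = 'Password change attempt'
    4724 = 'Password reset attempt'
}

# Direct user members of the local Administrators group (well-known SID S-1-5-32-544).
# Assumption: nested group members are not expanded here.
$admins     = Get-LocalGroupMember -SID 'S-1-5-32-544' | Where-Object ObjectClass -eq 'User'
$adminSids  = @($admins | ForEach-Object { $_.SID.Value })
$adminNames = @($admins | ForEach-Object { ($_.Name -split '\\')[-1] })

$events = Get-WinEvent -FilterHashtable @{
    LogName = 'Security'; Id = @($ids.Keys); StartTime = $since
} -ErrorAction SilentlyContinue   # suppresses the error raised when nothing matches

$report = foreach ($e in $events) {
    # Read fields by name from the event XML; their positions differ between event IDs
    $data = @{}
    foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

    # Logon events carry TargetUserSid; password events carry TargetSid
    $sid = if ($data['TargetUserSid']) { $data['TargetUserSid'] } else { $data['TargetSid'] }
    # Failed logons often record a null SID, so the account name is matched as well
    $isAdmin = ($adminSids -contains $sid) -or ($adminNames -contains $data['TargetUserName'])
    if (-not $isAdmin) { continue }

    [pscustomobject]@{
        Time      = $e.TimeCreated
        Event     = $ids[$e.Id]
        Account   = $data['TargetUserName']
        Subject   = $data['SubjectUserName']   # who performed a password change or reset
        LogonType = $data['LogonType']
        Source    = $data['IpAddress']
    }
}

$report | Sort-Object Time | Format-Table -AutoSize
```

Password events where Subject differs from Account, and failed logons clustered from one Source, are the rows to investigate first. Matching on account name alone can also pick up a domain account that shares a local administrator's name.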
Guideline Modified: April 11, 2006
Guideline Established: April 11, 2006