User Accounts versus Single User

[Rock]

My reply is at the end, not inline.

Bill wrote

Those are good tools, but not relevant to the point. The purpose of
two admin accounts is to provide a simple fallback so one doesn't
have to use a utility and extra time to get things working (and
that's assuming one could fix it). This is protection for the
average (and smart) user. Bring out the big guns when needed, sure,
but why do so if other simpler measures will suffice?

Because you should have these tools to get you out of trouble anyway. And
if you single admin account gets trashed these tools can fix it for you.
And I personally never had a corrupt user account yet. Lucky maybe.

[snip]

Bill, in your original reply to the OP you wrote, "Well yes you can
delete the Administrator (user name) account and for
security purposes, it should be deleted." Now are you saying it's ok
to have more than one admin account and implying the Adminstrator
account is ok too, but the problem is with the name? So which is it?

Should it be deleted for security purposes, as you originally stated,
and if so what is the specific security purpose?

Or is it that your security concerns can truly be satisified by
assigning a strong password and renaming the account, as a simpleton
might do?

I don't think you are following me. I don't believe having a user named
Administrator on any Windows machine is ever a good idea. Rename it,
delete it, or whatever. As a hacker needs to know two things to hack into
your computer. And knowing that most people have a user name Administrator
makes it much easier for them. Although if there is no such user, it makes
it that much tougher for them. As now they have to find out a valid user
name. Thus for security purposes, I highly recommend this. And many
Windows XP Home users has a blank password for the Admin account anyway.
Not good at all.

Rock wrote

Bill wrote

Have you actually tried this, Bill? The Administrator account
doesn't show up by default in the User Accounts applet in Control
Panel. In XP Pro in normal mode one has to go to a command prompt
and run control userpasswords2. (I'm not sure how you would get to
it in XP Home. I'm thinking start in Safe Mode, login to the other
admin account, and do control userpasswords2).

Highlight the Administrator account, click on "Remove" and XP throws
an error, "The user <Computer Name><Administrator> could not be
removed". It doesn't matter if the account was renamed, either. XP
won't delete that account.

I guess not so simple?

Yes I have done it before. And so did Navycross...

http://www.softwaretipsandtricks.com/forum/70041-post7.html

Bill wrote

Yes, I was aware that you can mess with it by extraordinary means. Have
you actually read that article? Here is a quote from it, near
the beginning of the article:

"DISCLAIMER

"Before I begin, I am obliged to point out that editing the Registry
in Windows is risky at the best of times, and that following the
steps in this article is downright nuts. ... Even if you follow these
steps perfectly you could still render your system mangled by
unintentionally removing all administrative accounts. ..."

And you believe all Admin accounts can't be deleted. Imagine that!

[snip]

[Note: the last sentence in this paragraph is in bold font for
emphasis. (I wonder why, eh?) Since I am posting in text mode the
bold doesn't show.]

Works here! Just use *bold* (by adding asterisks) and OE-QuoteFix displays
no asterisks but the text in between as bold text. This is the way we
always have done it when everything only came in plain text.

Did the author actually delete the Administrator account, you ask? No.
"I decided that the easiest way to achieve my purpose was not to try
and delete the Administrator account, but to simply remove it from
the local Administrators group (thus removing its privileges). "

And that's the process the article goes on to discuss in complicated
detail.
Do you still maintain that one can and should delete the Administrator
account for security purposes? Is this something the average user
or even not so average user should do for system security?

I have and continue to maintain that the user name Administrator is a
security risk. Rename it, delete it, or whatever you want.

Bill, the point isn't to get into an argument about who is right, the
point is to provide the OP with the best info, wouldn't you agree?

----------------------------------------------------------------------

I must admit Bill, you gave me a hearty laugh with this reply. I must
commend you for your valiant efforts to do the side step, to obfuscate, to
talk in circles, and avoid answering questions. You have conveniently tried
to dance around every area where you have made contradictory statements,
and/or gave inaccurate advice. Have you been in politics by any chance?


Here's the gist.

1. You stated to the OP,

"Well yes you can delete the Administrator (user name) account
and for security purposes, it should be deleted."

2. The fact is a user _can't_, without going to extraordinary means, delete
the Administrator account, nor should they. This could render the system
unworkable or "mangled" as the author of the first reference you offered as
proof even stated.

You conveniently snipped out the quote I included from that reference where
the author states,

"I ran into a situation several years or ago where ... it was
"necessary to be able to either remove or disable the
"builtin Administrator account in NT. _This is a problem
"because NT doesn't provide you with any way to do this._"

(My underscore for emphasis)

Instead you went off on a useless tangent about how to bold text in a post.
Lol, that was good Bill.

3. You stated there is no reason to have more than one admin level account.
I explained why more than one is important, and that one could answer
security concerns by assigning a strong password and renaming it. In
subsequent posts you answer this by going off on a tangent that you like to
use certain tools to fix problems if the sole admin level account is
corrupted

That of course is totally irrelevant to the issue since one can prevent
having the need to fix those problems by not allowing those problems to
occur in the first place (by having more than one admin level account).
That argument is indicative of you're use of obfuscation to dance around the
issues.

4. Now you have back pedaled even more saying it's fine to have more than
one admin account, but one should either delete or rename the Administrator
account.

But that account can't be deleted by any normal means, Bill

5. The second reference you offered about the deletion of the built in
Administrator account is from "Navycross"
http://www.softwaretipsandtricks.com/forum/70041-post7.html.

I don't think you even read it, did you? Or if you did you certainly didn't
understand it. It is a discussion about how to delete all other (user
created) admin level accounts, not the Administrator account. One poster
wrote,

"It is possible to remove all accounts _but_ the Administrator
"account."

(My underscore for emphasis)

Navycross not only didn't even attempt to delete the Administrator account.
He was posting because he wanted but was so far unable to delete the other
(user created) admin level account that was on the system.

Again you try to provide proof for your assertion which proof actually
supports that the assertion is wrong. Reread that reference Bill to
understand.

5. Lastly, you maintain you have deleted the Administrator account using
one of the GUI means available in XP. I don't see how you can maintain
that. XP will not let you delete it. I have given the steps to repro it,
and specified the error message that comes up when an attempt is made to
delete the built in Administrator account.

I don't know if you are confused between the built in Administrator account
and other accounts that can be created with Admin privileges, or you're
thinking about a different operating system, or there is some other reason
here.

In any event, the advice given to the OP was incorrect, and the important
thing is to clarify that for the OP.

The built in Administrator account cannot be deleted (barring extraordinary
means) , nor should one attempt to, nor is there any need to. Attempting to
or removing that account can render the system unworkable. Best practice is
to assign a strong password to it, and if you want, rename it.

This thread has gone as far as it can, beyond that as AJR said, it's a waste
of time.

Have fun with the dance, Bill.

 

[BillW50]

My reply is at the end, not inline.

Mine is inline.

I must admit Bill, you gave me a hearty laugh with this reply. I must
commend you for your valiant efforts to do the side step, to
obfuscate, to talk in circles, and avoid answering questions. You
have conveniently tried to dance around every area where you have
made contradictory statements, and/or gave inaccurate advice. Have
you been in politics by any chance?

I am glad you enjoyed it. And it still bothers you people are doing what
you say can't be done, eh?

Here's the gist.

1. You stated to the OP,

"Well yes you can delete the Administrator (user name) account
and for security purposes, it should be deleted."

And I stand by it. I personally believe having a user named
Administrator is a big mistake. I have explained why and you keep
ignoring it. Why is that Rock?

2. The fact is a user _can't_, without going to extraordinary means,
delete the Administrator account, nor should they. This could render
the system unworkable or "mangled" as the author of the first
reference you offered as proof even stated.

You conveniently snipped out the quote I included from that reference
where the author states,

"I ran into a situation several years or ago where ... it was
"necessary to be able to either remove or disable the
"builtin Administrator account in NT. _This is a problem
"because NT doesn't provide you with any way to do this._"

(My underscore for emphasis)

Not a problem. One user couldn't figure it out. Does that mean nobody
can? Hardly!

Instead you went off on a useless tangent about how to bold text in a
post. Lol, that was good Bill.

Far more useful information than this thread.

3. You stated there is no reason to have more than one admin level
account. I explained why more than one is important, and that one
could answer security concerns by assigning a strong password and
renaming it. In subsequent posts you answer this by going off on a
tangent that you like to use certain tools to fix problems if the
sole admin level account is corrupted

That of course is totally irrelevant to the issue since one can
prevent having the need to fix those problems by not allowing those
problems to occur in the first place (by having more than one admin
level account). That argument is indicative of you're use of
obfuscation to dance around the issues.

Nope! I guess I have to speak in very simple terms for you to
understand. Okay you have to choices here.

1) Create a second admin account and all it will do is provide a second
admin account, or

2) Use BartPE and ERUNT which will protect your admin account, your
registry, all of your user accounts, access locked files, backup any or
all files, repair your Windows install, and tons of other things as
well.

Well duh Rock. Let's see what door I want? Door number 1 or door number
2? You can pick door number one if you want too, but I am going for door
number two.

4. Now you have back pedaled even more saying it's fine to have more
than one admin account, but one should either delete or rename the
Administrator account.

But that account can't be deleted by any normal means, Bill

Because you are blinded by the truth. I never said to remove all admin
accounts. I said rename it, delete it or whatever. If you want more than
one admin account, fine. I don't care.

Simpletons and those dangerous at the keyboard, probably should take
door number one. But I believe the rest of us are better off with door
number two.

5. The second reference you offered about the deletion of the built
in Administrator account is from "Navycross"
http://www.softwaretipsandtricks.com/forum/70041-post7.html.

I don't think you even read it, did you? Or if you did you certainly
didn't understand it. It is a discussion about how to delete all
other (user created) admin level accounts, not the Administrator
account. One poster wrote,

"It is possible to remove all accounts _but_ the Administrator
"account."

(My underscore for emphasis)

Navycross not only didn't even attempt to delete the Administrator
account. He was posting because he wanted but was so far unable to
delete the other (user created) admin level account that was on the
system.

Exactly! And your problem is? AFAIK, Windows has no problems with
deleting any user accounts with admin privileges as long as one still
remains. Well not without registry hacking anyway.

Again you try to provide proof for your assertion which proof actually
supports that the assertion is wrong. Reread that reference Bill to
understand.

Really? I am way ahead of you Rock.

5. Lastly, you maintain you have deleted the Administrator account
using one of the GUI means available in XP. I don't see how you can
maintain that. XP will not let you delete it. I have given the
steps to repro it, and specified the error message that comes up when
an attempt is made to delete the built in Administrator account.

I don't know if you are confused between the built in Administrator
account and other accounts that can be created with Admin privileges,
or you're thinking about a different operating system, or there is
some other reason here.

No confusion here. I don't have any user named Administrator here on 4
of my computers. Nor is there a profile for one either. Nor did I hack
the registry either.

In any event, the advice given to the OP was incorrect, and the
important thing is to clarify that for the OP.

Incorrect in your opinion. But still valid for those whom knows what
they are doing.

The built in Administrator account cannot be deleted (barring
extraordinary means) , nor should one attempt to, nor is there any
need to. Attempting to or removing that account can render the
system unworkable. Best practice is to assign a strong password to
it, and if you want, rename it.

Yes for those incapable (simpletons) of understanding how Windows works.
I agree. Not true for the rest of us though.

This thread has gone as far as it can, beyond that as AJR said, it's
a waste of time.

Have fun with the dance, Bill.

Only for simpletons. For those technically minded, there is still lots
of room left.

 

[Rock]

Lol, I have tried to avoid saying this Bill, but the reality is so obvious -
you are an absolute idiot. I guess the only real question here is - is it
natural or do you put it on? My guess is you're just plain 5150.

You have done way more than anyone ever could to demonstrate how inane what
you have said really is.

As AJR wisely opined, to go any further is a waste.

 

[BillW50]

Lol, I have tried to avoid saying this Bill, but the reality is so
obvious - you are an absolute idiot. I guess the only real question
here is - is it natural or do you put it on? My guess is you're just
plain 5150.

I have no idea what 5150 means Rock.

You have done way more than anyone ever could to demonstrate how
inane what you have said really is.

Well like they say:

Reality is what refuses to go away when you do not believe in it. --
Steven Pinker

and...

Should you find yourself the victim of other people's bitterness,
ignorance, smallness or insecurities; remember, things could be worse.
You could be them!!! -- Anonymous

and...

The difference between genius and stupidity is that genius has its
limits -- Albert Einstein

As AJR wisely opined, to go any further is a waste.

And as I once said: "Only for simpletons. For those technically minded,
there is still lots of room left."