
Rename and disable Built-in Administrator – PowerShell

Why should the Windows Built-In Administrator be disabled? On all Windows systems, the SID (Security Identifier) of the Built-In Administrator account ends with the same number: the famous SID-500.

Here is a way to rename and disable the Built-In Administrator account via PowerShell.

NOTE:

Only run such scripts if you know exactly what you're doing, and make sure you don't lock yourself out as an admin.

# ++ Rename & Disable Built-In Admin

# Query the Built-In Administrator account by its SID (always ends in -500)
$admin = Get-LocalUser | Where-Object {$_.SID -like "*-500"}
$adminbuiltinname = $admin.Name

# Rename the Built-In Administrator account
Rename-LocalUser -Name "$adminbuiltinname" -NewName "Built-In-Renamed"

# Disable the Built-In Administrator account
Disable-LocalUser -Name "Built-In-Renamed"
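
The lockout warning above can be enforced in the script itself. The following is an added example, not part of the original script: it refuses to disable the SID-500 account unless another enabled local administrator exists. The function name `Disable-BuiltInAdministrator` is hypothetical, and the check only counts local accounts (domain accounts in the Administrators group are ignored, which is an assumption of this sketch).

```powershell
#Requires -RunAsAdministrator
# Added example: guard against lockout before renaming/disabling the SID-500 account.
function Disable-BuiltInAdministrator {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Default taken from the script above
        [string]$NewName = 'Built-In-Renamed'
    )

    # The built-in Administrator is the local account whose SID ends in -500
    $builtin = Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-500' }
    if (-not $builtin) { throw 'No local account with a SID ending in -500 was found.' }

    # S-1-5-32-544 is the well-known SID of the local Administrators group.
    # Assumption: only enabled *local* user accounts count as a fallback admin.
    $otherAdmins = Get-LocalGroupMember -SID 'S-1-5-32-544' |
        Where-Object { $_.ObjectClass -eq 'User' -and $_.PrincipalSource -eq 'Local' } |
        ForEach-Object { Get-LocalUser -SID $_.SID } |
        Where-Object { $_.Enabled -and $_.SID.Value -ne $builtin.SID.Value }

    if (-not $otherAdmins) {
        throw 'No other enabled local administrator exists; refusing to disable the SID-500 account.'
    }

    # Address the account by SID so the steps work whatever its current name is
    if ($builtin.Name -ne $NewName) {
        Rename-LocalUser -SID $builtin.SID -NewName $NewName
    }
    Disable-LocalUser -SID $builtin.SID

    # Return the resulting state so the change can be verified
    Get-LocalUser -SID $builtin.SID | Select-Object Name, Enabled, SID
}

# Dry run first: -WhatIf shows what would change without changing it
Disable-BuiltInAdministrator -WhatIf
```

Once the dry run shows the expected account, call the function again without `-WhatIf` to apply the change.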

Stay blogged. 😎

Yours, Matthias Düsi