Why the Windows Built-in Administrator should be disabled. On all Windows systems, the SID of the Built-In Administrator account ends with the same number: the famous SID-500. SID stands for Security Identifier.
And here is a way to rename and disable the Built-In Administrator account via PowerShell.
REGARD:
Only run such scripts if you know exactly what you’re doing and don’t lock yourself out as an admin.
# ++ Rename & Disable Built-In Admin
# Query the Built-In Administrator account by its SID
$admin = Get-LocalUser | Where-Object {$_.SID -like "*-500"}
$adminbuiltinname = $admin.Name
# Renamed the Built-In Administrator account
Rename-LocalUser -Name "$adminbuiltinname" -NewName "Built-In-Renamed"
# Deactivation of the Built-In Administrator account
Disable-LocalUser -Name "Built-In-Renamed"
Stay blogged. 😎
Dein Matthias Düsi