Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: Ken Pfeil (Keninfosec101.org)
Date: Mon Oct 01 2001 - 12:17:53 CDT
Here is a tool that will delete the guest account.
I would be VERY hesitant to use any account that was set up by the system
for these purposes. And yes, if they can determine the SID, it is trivial to
know that this is the guest account.
> -----Original Message-----
> From: Brett Harmond [mailto:brett_harmondyahoo.com]
> Sent: Friday, September 28, 2001 5:46 PM
> To: FOCUS-MSSECURITYFOCUS.COM
> Subject: External Account Information
> Windows NT Server
> Since I can't delete the Guest account, I would like
> to use the Guest account as a "honeypot" Administrator
> account. Thus, I have already renamed my
> Administrator account to something else and I will be
> renaming my Guest account to "Administrator".
> Idealistically, I'd like this account to be disabled,
> have a really good password, and essentially no
> rights. If the account is disabled, can anyone trying
> to break into the system detect that the account is
> disabled and thus immediately detect that this is not
> the real Administrator account? In general, without
> logging into a system, what information about user
> accounts can be determined? Are there any tools out
> there to query account information from outside the
> Thanks in advance.
> Do You Yahoo!?
> Listen to your Yahoo! Mail messages from any phone.