Late last week I was e-mailing with a long time reader about changing admin passwords and he asked me how to change the Default Administrator Account in MDT 2013. I know some people like to use the setup complete .cmd trick, but that’s really for those who aren’t using MDT to build & deploy.
Is there a prefered method for renaming the administrator account?
I used to do this using the “unattend.xml”. Can I do the same or is there a different method?
I add a a customized commandline wmic step at the very, very end of a task sequence to rename the admin account before the final reboot
wmic useraccount where name='Administrator' call rename name='SysAdmin'
I dunno what you wanna rename it to, I kind of like SysAdmin. It’s your build, just change it to something other than Administrator.
However, I have heard that the GUID for this account is globally available, so this may not be the MOST secure method, but at least it’s a start.
Super hardcore security types will disable the account, that way you need to get at it via boot media to turn it back on, in some environments this is overkill. A simple rename is fine.
Using WMI to rename the admin account is easy.
Adding this final step to MDT is easy, and far more effective than going through the whole hassle of creating another account, setting it up and disabling it via command line.