security

Stop Brute Force Cold: How to Rename the Local Administrator via GPO


The “Administrator” account is a universal target. Because every Windows machine has one by default, hackers already have 50% of the login equation—the username. By renaming this built-in account across your entire Active Directory domain, you significantly lower the risk of automated brute-force attacks.

Best of all? You don’t have to touch a single workstation. We can do this globally using Group Policy Preferences (GPP).

Step 1: Create or Edit your GPO

  1. Open the Group Policy Management console (gpmc.msc).
  2. Create a new GPO (e.g., “Security – Rename Local Admin”) or edit an existing one linked to your target Workstations or Servers OU.
  3. Right-click the GPO and select Edit.

Step 2: Configure the Local User Preference

Navigate to the following path within the editor: Computer Configuration > Preferences > Control Panel Settings > Local Users and Groups

  1. Right-click Local Users and Groups and select New > Local User.
  2. Configure the following settings in the dialog box:
    • Action: Select Update.
    • User name: Select Administrator (built-in) from the dropdown. (Using the built-in identifier ensures the rename works even if the account was previously renamed.)
    • Rename to: Enter your new, non-obvious username (e.g., SrvManager_Admin).
    • Full name: Enter a descriptive name.
    • Password: You can optionally reset the password here, though using LAPS (Local Administrator Password Solution) is recommended for password management.

Step 3: Deployment & Verification

By default, Group Policy refreshes every 90 minutes. If you want to see the change immediately on a specific client, run the following command in an elevated prompt:

gpupdate /force

Is it working?

If the name hasn’t changed, use the GPResult tool to see if the policy is being applied to the computer object:

gpresult /r

Troubleshooting Tips:

  • OU Check: Ensure the Computer object is actually inside the OU where the GPO is linked.
  • Security Filtering: Verify that Authenticated Users or Domain Computers have “Read” and “Apply Group Policy” permissions in the GPO’s Delegation tab.
  • Replication: If some sites see the change and others don’t, check your Domain Controller replication status.

Why this is a “Lazy Admin” Win

Instead of using scripts or manual intervention, GPO Preferences handle the logic for you. If you ever need to change the name again, you update one field in the GPO, and the entire domain follows suit.

The Permission Panic: How to Back Up and Restore Share & NTFS Permissions


It only takes one “Inheritance” checkbox error to bring a department to a standstill. If you are migrating a file server or just performing routine maintenance, having a permission backup is your “Undo” button.

1. Share Permissions (The Registry Method)

“Share” permissions (the ones you see in the Sharing tab) are not stored on the files themselves; they are stored in the Windows Registry.

To Back Up: Open a Command Prompt (Admin) and run:

reg export HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares shareperms.reg

To Restore: Simply import the file back on the new or repaired server:

reg import shareperms.reg

Note: You must restart the ‘Server’ service or reboot for the shares to reappear.


2. NTFS Permissions (The icacls Method)

NTFS permissions (the “Security” tab) are much more complex. We use the built-in icacls tool to handle these.

The Backup Command:

icacls d:\data /save ntfsperms.txt /t /c

  • /t: Recurses through all subfolders.
  • /c: Continues even if it hits a single file error (like a long file path).

The “Tricky” Restore Command: When restoring, icacls treats the paths inside the text file as relative. If your backup file says “Data\Folder1,” and you try to restore to D:\Data, it will look for D:\Data\Data\Folder1.

The Correct Syntax:

icacls d:\ /restore ntfsperms.txt

Lazy Admin Warning: Always point the restore command one level above the folder you backed up. If you backed up D:\Data, restore to D:\.


Understanding the “Secret Code” (SDDL)

If you open your ntfsperms.txt file, you’ll see strings like D:AI(A;ID;FA;;;BA). This is Security Descriptor Definition Language (SDDL).

  • BA = Built-in Administrators
  • SY = Local System
  • AU = Authenticated Users

It looks like gibberish, but to the Windows Kernel, it is a perfect map of your security infrastructure.
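
The restore-path rule and the SDDL strings described above can be checked against a backup before any restore is run. This is an added example, not code from the original post: it assumes the save file alternates one relative-path line with one SDDL line and is passed in as already-decoded text, the helper names (parse_aces, parse_icacls_save, restore_targets) are hypothetical, and the flag and rights tables go beyond the three SID aliases listed above.

```python
import re
from pathlib import PureWindowsPath

# SID aliases are the three the article lists; other trustees are kept as written.
SID_ALIASES = {"BA": "Built-in Administrators", "SY": "Local System",
               "AU": "Authenticated Users"}
ACE_TYPES = {"A": "allow", "D": "deny"}
ACE_FLAGS = {"OI": "object-inherit", "CI": "container-inherit",
             "NP": "no-propagate", "IO": "inherit-only", "ID": "inherited"}
RIGHTS = {"FA": "full control", "FR": "read", "FW": "write", "FX": "execute"}

def parse_aces(sddl):
    """Decode every simple ACE '(type;flags;rights;;;trustee)' in an SDDL string."""
    aces = []
    for body in re.findall(r"\(([^()]*)\)", sddl):
        fields = body.split(";")
        if len(fields) != 6:
            continue  # not a plain six-field ACE; leave it to icacls
        ace_type, flags, rights, _obj, _inh, trustee = fields
        aces.append({
            "type": ACE_TYPES.get(ace_type, ace_type),
            "flags": [ACE_FLAGS.get(f, f) for f in re.findall("..", flags)],
            "rights": RIGHTS.get(rights, rights),  # hex masks stay as written
            "trustee": SID_ALIASES.get(trustee, trustee),
        })
    return aces

def parse_icacls_save(text):
    """Pair the alternating lines of a save file: relative path, then its SDDL."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    return [(lines[i], parse_aces(lines[i + 1]))
            for i in range(0, len(lines) - 1, 2)]

def restore_targets(text, restore_root):
    """Absolute paths that 'icacls <restore_root> /restore' would address."""
    root = PureWindowsPath(restore_root)
    return [str(root / rel) for rel, _ in parse_icacls_save(text)]

# Constructed sample in the assumed layout (not a real server's ACLs).
SAMPLE = ("Data\n"
          "D:AI(A;ID;FA;;;BA)\n"
          "Data\\Folder1\n"
          "D:AI(A;OICIID;FA;;;SY)(A;OICIID;0x1200a9;;;AU)\n")

if __name__ == "__main__":
    for restore_root in ("D:\\Data", "D:\\"):
        print(restore_root, "->", restore_targets(SAMPLE, restore_root))
    for path, aces in parse_icacls_save(SAMPLE):
        print(path, aces)
```

Running it shows the doubled D:\Data\Data\Folder1 path when the restore root is D:\Data, and the intended paths when it is D:\.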


How to Patch Air-Gapped Windows Servers using WSUS Offline


Patching servers in an offline or “air-gapped” environment is a common challenge for SysAdmins. While Microsoft’s official WSUS role typically requires a network connection, the third-party tool WSUS Offline Update allows you to “bring the internet to the server” via a USB stick or DVD.

When to use this method?

This is an ideal solution for a one-time update or for small environments where setting up a complex, multi-tier WSUS architecture isn’t practical.

Note: This requires a “bridge” machine—a computer with internet access where you will build the update repository before moving it to the offline server.


Phase 1: Creating the Update Media (On the Online Machine)

  1. Download the Tool: Head to wsusoffline.net and download the latest version.
  2. Extract and Launch: Extract the ZIP file and run UpdateGenerator.exe.
  3. Select Your OS: Check the boxes for the operating systems you need to patch (e.g., Windows Server 2016, 2019, or legacy versions like 2008 R2).
  4. Download: Click Start. The tool will download all missing patches from Microsoft’s servers into a local folder.
    • Size Tip: Expect downloads to range from 800MB to several GBs depending on the OS version.
  5. Transfer: Copy the entire wsusoffline folder to your removable media (USB Drive, External HDD, or burn it to a DVD).

Phase 2: Patching the Offline Server

  1. Insert Media: Plug your USB drive into the offline server.
  2. Navigate to Client: Open the wsusoffline folder, then open the “client” subfolder.
  3. Run Installer: Execute UpdateInstaller.exe.
  4. Configure & Start: Select your desired options (like “Automatic reboot and recall”) and click Start.

The tool will now simulate a local Windows Update session, installing all the downloaded patches without ever needing a NIC connection.
