Best Practices for Making Administrative Accounts More Secure
● Separate domain administrator and enterprise administrator roles.
● Separate user and administrator accounts.
● Use the Secondary Logon service.
● Run a separate Terminal Services session for administration.
● Rename the default Administrator account.
● Create a decoy Administrator account.
● Create a secondary Administrator account and disable the built-in Administrator account.
● Enable Account Lockout for Remote Administrator Logons.
● Create a strong Administrator password.
● Automate scanning for weak passwords.
● Use administrative credentials on trusted computers only.
● Audit accounts and passwords on a regular basis.
● Prohibit account delegation.
● Control the administrative logon process.