subject: Domain User Account [print this page] After Windows Server 2003 replicates the new user account information, all of the domain controllers in the domain tree can authenticate the user during the logon process.
Note It can take a few minutes to replicate the domain user account information to all domain controllers. This delay might prevent a user from immediately logging on using the newly created domain user account. By default, replication of directory information within a site occurs every five minutes.
Built-in User Accounts
Windows Server 2003 automatically creates accounts called built-in accounts. Two commonly used built-in accounts are Administrator and Guest. MCSE
Use the built-in Administrator account to manage the overall computer and domain configuration for such tasks as creating and modifying user accounts and groups, managing security policies, creating printers, and assigning permissions and rights to user accounts to gain access to resources. This account is assigned the password you specified during Active Directory installation and has permissions to perform all tasks in the domain. The Administrator account cannot be deleted.
Because the Administrator account has full permissions, you must protect it from penetration by intruders. First, you should always rename the Administrator account with a new name that does not connect the account to administrative tasks. Renaming makes it difficult for unauthorized users to break into the Administrator account because they do not know which user account it is. Second, you should always use a long and complex password that cannot be easily cracked for the Administrator account. Third, do not allow too many people to know the administrator password. Finally, if you are the administrator, you should create a separate user account that you use to perform nonadministrative tasks. Log on by using the Administrator account only when you perform administrative tasks. Or, log on with your user account and use the Run As program when you need to perform a few administrative tasks. For information on setting up user accounts for performing nonadministrative tasks and the Run As program, see Chapter 8, "Administering Group Accounts." MCSE Exam
The purpose of the built-in Guest account is to provide users who do not have an account in the domain with the ability to log on and gain access to resources. For example, an employee who needs access to resources for a short time can use the Guest account. By default, the Guest account does not require a password (the password can be blank) and is disabled. You should enable the Guest account only in low-security networks and always assign it a password. If you enable the Guest account, always rename it to provide a greater degree of security. Use a name that does not identify it as the Guest account. You can rename and disable the Guest account, but you cannot delete it.
