The Windows Server 2025 built-in administrator account must be renamed.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-278197 | SRG-OS-000480-GPOS-00227 | WN25-SO-000030 | SV-278197r1182315_rule | 2026-02-20 | 1 |
Description
The built-in administrator account is a well-known account subject to attack. Renaming this account to an unidentified name improves the protection of this account and the system.
ℹ️ Check
This applies to member servers and stand-alone or nondomain-joined systems; it is not applicable for domain controllers.
Verify the effective setting in Local Group Policy Editor.
Run "gpedit.msc".
Navigate to Local Computer Policy >> Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> Security Options.
If the value for "Accounts: Rename administrator account" is not set to a value other than "Administrator", this is a finding.
For server core installations, run the following command:
Secedit /Export /Areas SecurityPolicy /CFG C:\Path\FileName.Txt
If "NewAdministratorName" is not something other than "Administrator" in the file, this is a finding.
✔️ Fix
Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> Security Options >> Accounts: Rename administrator account to a name other than "Administrator".