Enabling security auditing is a good start
for securing Windows Home Server. However, you can take a number of
other security measures, such as renaming the Administrator account,
hiding the most recent username, checking the firewall status, and
disabling Windows Home Server’s hidden administrative shares. The next
few sections take you through these and other Windows Home Server
security measures.
Renaming the Administrator Account
By default, Windows Home Server sets up one member of the Administrators
group: the Administrator account. This account is all-powerful on
Windows Home Server (and, by extension, on your home network), so the
last thing you want is for some malicious user to gain control of the
system with Administrator access. Unfortunately, black-hat hackers have
one foot in your digital door already because they know the default
account name is Administrator; now all they have to do is guess your
password. If you’ve protected the Administrator account with a strong
password, you almost certainly have no worries.
However, you can close the door completely on
malicious intruders by taking away the one piece of information they
know: the name of the account. By changing the account name from
Administrator to something obscure, you add an extra layer of security
to Windows Home Server.
Here are the steps to follow to change the name of the Administrator account:
1. Log on to Windows Home Server.
2. Select Start, right-click Computer, and then click Manage. The Computer Management snap-in appears.
3. Open the System Tools, Local Users and Groups, Users branch.
   Tip: You can open the Local Users and Groups snap-in directly by selecting Start, typing lusrmgr.msc, and then pressing Enter.
4. Right-click the Administrator account, and then click Rename.
5. Type the new account name, and then press Enter.

Note: The Guest account also has an obvious and well-known name, so if you’ve enabled the Guest account, be sure to rename it as well.
Hiding the Username in the Log On Dialog Box
When you log on locally to Windows Home Server, the
Log On to Windows dialog box always shows the name of the most recent
user who logged on successfully. It’s unlikely that a malicious user
would gain physical access to the server in your home, but it’s not
impossible. If that happens, renaming the Administrator account as described
in the previous section is useless because Windows Home Server just
displays the new name to anyone who wants to see it.
Fortunately, you can plug this security hole by following these steps:
1. Log on to Windows Home Server.
2. Select Start, Administrative Tools, Local Security Policy. The Local Security Setting snap-in appears.
   Tip: You can also open the Local Security Setting snap-in by selecting Start, typing secpol.msc, and then pressing Enter.
3. Open the Security Settings, Local Policies, Security Options branch.
4. Double-click the Interactive Logon: Do Not Display Last User Name policy.
5. Click the Enabled option.
6. Click OK.
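Both procedures above (renaming the built-in accounts and hiding the last username) can be verified from an elevated PowerShell prompt. The following audit script is an added example, not part of the original text; it assumes Windows PowerShell is installed on the server, locates the built-in accounts by their well-known RIDs (500 and 501) so that a rename does not hide them, and reads the DontDisplayLastUserName registry value that the policy sets.

```powershell
# Added example: audit the two settings covered above. Run elevated.
# Assumption: Windows PowerShell (with Get-WmiObject) is available on the server.
# Built-in accounts are found by their well-known RID (500 = Administrator,
# 501 = Guest), so the check still works after the account has been renamed.
$accounts = Get-WmiObject -Class Win32_UserAccount -Filter "LocalAccount=True"

$checks = @(
    @{ Rid = 500; DefaultName = 'Administrator' },
    @{ Rid = 501; DefaultName = 'Guest' }
)

foreach ($check in $checks) {
    $acct = $accounts | Where-Object { $_.SID -like "S-1-5-21-*-$($check.Rid)" }
    if (-not $acct) {
        Write-Output "INFO  RID $($check.Rid): account not found"
        continue
    }

    if ($acct.Name -ne $check.DefaultName) {
        # The new name is deliberately not printed.
        Write-Output "OK    RID $($check.Rid) has been renamed"
    } elseif ($acct.Disabled) {
        Write-Output "INFO  $($acct.Name) still has its default name but is disabled"
    } else {
        Write-Output "WARN  $($acct.Name) is enabled and still has its default name"
    }
}

# Registry value behind "Interactive Logon: Do Not Display Last User Name".
$key  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$prop = Get-ItemProperty -Path $key -Name DontDisplayLastUserName -ErrorAction SilentlyContinue

if ($prop -and $prop.DontDisplayLastUserName -eq 1) {
    Write-Output "OK    last user name is hidden in the logon dialog"
} else {
    Write-Output "WARN  last user name is shown in the logon dialog"
}
```

Any WARN line points back to the corresponding procedure above; rerun the script after making the change to confirm it took effect.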