
I'm looking at all the accounts configured on a Windows 2008 R2 server.

There's one account 'Service Admin' (username service-admin) which I can't seem to find any information on why this account exists. It's part of the following groups.

  • Administrators
  • Domain Admins
  • Domain Users
  • Enterprise Admins
  • Group Policy Creator Owners
  • Schema Admins

I would have assumed that this is a built-in/default account like the 'Administrator', although a lack of information online is making me think otherwise. Online searches seem to vaguely point towards Microsoft Azure, but AFAIK this isn't used on the server at all.

From 'net user' and the Windows event log it occasionally logs on/off for short periods between 20:00 and 21:00, possibly indicating it's a task running, but I can't see anything in the Task Scheduler running at around that time.

1 Answer

You can use a tool such as User2SID.exe to get the user account SID. If the account ends with -500 it is the built-in Active Directory Administrator Account.

http://www.windowsecurity.com/whitepapers/windows_security/Windows-Enumeration-USER2SID-SID2USER.html

  • The number ends in -1640. It looks like it was created some time after the system was set up, so can't be one of the built-in accounts. Also in my case I used "wmic useraccount get name,sid" to get the SIDs, which works without having to use any third party utilities.
    – MJF
    Commented Nov 2, 2016 at 11:23
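
The SID check discussed in the answer and comment above, as an added example (not code from the original posts): it classifies every account by the RID at the end of its SID, using PowerShell 2.0 syntax so it runs on Windows Server 2008 R2. The function name `Get-RidClass` and the sample SID are constructed for illustration.

```powershell
# Added example: classify accounts by the RID (last component) of their SID.
# Well-known RIDs are fixed by Windows; RIDs of 1000 and above are handed out
# to accounts created after the machine or domain was set up.
# Keys are strings so the lookup does not depend on integer width.
$WellKnownRids = @{
    '500' = 'Built-in Administrator'
    '501' = 'Built-in Guest'
    '502' = 'krbtgt (domain Kerberos service account)'
}

function Get-RidClass {
    param([Parameter(Mandatory = $true)][string]$Sid)

    # Machine and domain account SIDs have the form S-1-5-21-<a>-<b>-<c>-<RID>.
    if ($Sid -notmatch '^S-1-5-21-\d+-\d+-\d+-(\d+)$') {
        return 'Not a machine/domain account SID'
    }
    $ridText = $Matches[1]
    if ($WellKnownRids.ContainsKey($ridText)) {
        return $WellKnownRids[$ridText]
    }
    if ([long]$ridText -ge 1000) {
        return 'Created account (not built-in)'
    }
    return 'Other well-known RID below 1000'
}

# Constructed sample SID ending in -1640, the RID reported in the comment.
Get-RidClass 'S-1-5-21-1111111111-2222222222-3333333333-1640'

# Resolve one account name to its SID without third-party tools.
$account = New-Object System.Security.Principal.NTAccount('service-admin')
try {
    $sid = $account.Translate([System.Security.Principal.SecurityIdentifier]).Value
    '{0} -> {1} ({2})' -f $account.Value, $sid, (Get-RidClass $sid)
} catch {
    "Could not resolve $($account.Value): $($_.Exception.Message)"
}

# Enumerate all accounts; same WMI class that "wmic useraccount" queries.
Get-WmiObject -Class Win32_UserAccount |
    Select-Object Domain, Name, SID,
        @{ Name = 'Class'; Expression = { Get-RidClass $_.SID } } |
    Sort-Object Class, Name |
    Format-Table -AutoSize
```

On a domain controller the last pipeline enumerates domain accounts and can be slow in a large directory.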
