I'm working on an FAQ for passwords right now. Look for it in the Security Newsletter next month (http://www.microsoft.com/technet/security/secnews/newsletter.htm). However, one thing that has come up more than a few times in the recent past is what to do with the built-in Administrator account. I'm not sure that it fits in the framework of passwords per se, but it may actually merit a blog post, so here are some do's and don'ts. Keep in mind, I am specifically referring only to BUILTIN\Administrator, also known as NT AUTHORITY\Administrator: the account with relative identifier 500.
Do's
Don'ts