sql-server add tag
James Jenkins (imported from SE)
'distributor_admin' is a SQL-auth account that is used for replication. Out of the box it is granted sysadmin and currently it looks like that can not be dialed back to db_owner (see related [Does distributor_admin need sysadmin?](https://topanswers.xyz/databases?q=872) ).

According to [some sources (pg4 of PDF)](http://www.mcafee.com/us/resources/white-papers/foundstone/wp-low-hanging-fruits.pdf) distributor_admin is one of the top eight SQL usernames used in brute force attacks. It is considered a [best practice to rename the 'sa' account](https://dba.stackexchange.com/questions/103825) can the 'distributor_admin'be renamed also?

I looked around and don't find anyone suggesting this alternative. I found a few posts that [implied the **possibility** of the 'distributor_admin'](https://support.microsoft.com/en-us/kb/818334) being hard coded into the replication process. 

There is not a lot of recent documentation about the distributor_admin account with replication. 
Top Answer
mrdenny (imported from SE)
No it can't be renamed.  The good news is that the account only exists on the distributor, which doesn't really contain any user data.

You can safely disable the account when you aren't setting up new replication publishers. If you need to setup a new publisher, enable the account setup the publisher then disable the account again.

It does need to have `sysadmin` rights. It needs to be able to create linked servers.

This room is for discussion about this question.

Once logged in you can direct comments to any contributor here.

Enter question or answer id or url (and optionally further answer ids/urls from the same question) from

Separate each id/url with a space. No need to list your own answers; they will be imported automatically.