In Windows 2008 should I rename the Administrator account or disable it?
Microsoft Best Practices found on TechNet and MS Press' "Securing Windows Server 2008 R2"
1. Don't rename it.
You'll waste your effort and (for backward compatibility) if you have any apps/services on your network that require the Admin account to function, they will break.
2. Disable the BUILTIN\Administrator.
Renaming the account to create a honey pot for attackers is an outdated practice. Any cracker good enough to get this far into your network knows this ploy already. The cracker will just look for the SID ending in -500.
3. Create an account with a non-descript name and give it admin rights.
That is, name the account "JohnBlack" or "BettyClark". Do not name the account something like Superman, Root, Skywalker, or anything with Admin or ADM in it like testadm or LocalAdmin. Programs that still look for the Admin account by name have evolved enough to check for these names too.
4. After you've created the account in step 3, NEVER USE IT!
You can't audit Admin access, if you're using it as a regular account (aside from all the other reasons not to use it).
Common practice is to just rename the account.
Renaming the account is the best bet because you are going to require some sort of local admin account, and the one that ships has already been set up and configured nicely to run the system. Renaming it basically turns it into another account for purposes of security.