Re: RE: Restricting the change of the local administrator account password.

• Previous message: Bob the Builder: "RE: Restricting the change of the local administrator account pas sword."
• Maybe in reply to: Sergey V. Gordeychik: "RE: Restricting the change of the local administrator account password."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: "Depp, Dennis M." <deppdm@ornl.gov>, Ansgar -59cobalt- Wiechers <bugtraq@planetcobalt.net>, focus-ms@securityfocus.com
Date: Fri, 7 May 2004 8:05:15 -0400

> Another option is to create a policy
> that prevents them from doing so. If they disobey the policy they loose admin rights.
>
 My feeling watching this thread was that a documented policy was the way to go, it doesn't seem like a technical solution will suffice. Many organizations mandate that Domain Admins restrict their own access to specific OUs, Servers etc. that house financial data, or information that must be kept anonymous to comply with Privacy laws. Really the only way to accomplish this is a regular compliance check from a third party like Legal or HR. It should be understood by the Admins in question that serious consequences will follow if they are found to have changed the admin password.

Rob.

---------------------------------------------------------------------------
---------------------------------------------------------------------------

• Previous message: Bob the Builder: "RE: Restricting the change of the local administrator account pas sword."
• Maybe in reply to: Sergey V. Gordeychik: "RE: Restricting the change of the local administrator account password."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]