RE: customer user accounts and internal user accounts on same domain



Look at ISO27001 and CISSP certification. Control access will require you to correctly split personnel, and there are some topics for 3rd parties (how to get them in the network, guests management, logs, and so on), not to mention that this will imply an access to the directory.

HTH

OA

-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx] On Behalf Of Stegman, Bill
Sent: Lunes, 26 de Enero de 2009 02:03 p.m.
To: focus-ms@xxxxxxxxxxxxxxxxx
Subject: customer user accounts and internal user accounts on same domain

Hi, I'm trying to dissuade management from allowing user accounts to be created on the same domain as our company users for what I feel are obvious reasons, but when pressed for specific issues I'm at a bit of a loss. I cited reasons such as;
A clear demarc between customer accounts and our own accounts
Not giving any unnecessary rights due to inheritance, but rather having to apply the appropriate permissions rather than remove permissions to attain the desired result

They want to extend a service we offer to our internal employees to a partner. I suggested creating an extranet and using accounts from a separate domain rather than our own, but there is additional overhead imposed by such as design.duh.but I'm hoping to throw out an established standard or something to help my argument.

Thank you,

Bill Stegman MCSE 2003, CCNP, CCSP, CCIP, INFOSEC, MCTS:Vista
Network Engineer
Crump Life Insurance Services
4250 Crums Mill Rd
Harrisburg, PA  17112
Phone:  717.657.0789  Ext. 4202
Fax:     ; 717.703.4947


CONFIDENTIALITY NOTICE: This message is intended to be viewed only by the listed recipient(s).
It may contain information that is privileged, confidential and/or exempt from disclosure under
applicable law. Any dissemination, distribution or copying of this message is strictly prohibited
without our prior written permission. If you are not an intended recipient, or if you have
received this communication in error, please notify us immediately by return e-mail and
permanently remove the original message and any copies from your computer and all back-up systems.



Relevant Pages

  • customer user accounts and internal user accounts on same domain
    ... Hi, I'm trying to dissuade management from allowing user accounts to be created on the same domain as our company users for what I feel are obvious reasons, but when pressed for specific issues I'm at a bit of a loss. ... Not giving any unnecessary rights due to inheritance, but rather having to apply the appropriate permissions rather than remove permissions to attain the desired result ... If you are not an intended recipient, ...
    (Focus-Microsoft)
  • Re: Inheriting Permissions from Parent
    ... When you delegate permissions using the Delegation of Control wizard, these permissions rely on the user object that inherits the permissions from the parent container. ... Members of protected groups do not inherit permissions from the parent container. ... Within one of my OU's I have many user accounts ...
    (microsoft.public.windows.server.active_directory)
  • Re: Inheriting Permissions from Parent
    ... When you delegate permissions using the Delegation of Control wizard, ... Members of protected groups do not inherit permissions ... these permissions are not applied to members ... Within one of my OU's I have many user accounts ...
    (microsoft.public.windows.server.active_directory)
  • RE: raise user accounts max fd
    ... >>> raise a user accounts max file descriptors (FDs, shown via ulimit ... >>> ircd hard nofile 4096 ... If you are not the intended recipient or responsible for ...
    (Debian-User)
  • RE: customer user accounts and internal user accounts on same domain
    ... Among many other reasons, having them in the same domain context as you ... confidential/DPA relevant data, etc. would be a definite issue - especially ... customer user accounts and internal user accounts on same domain ... having to apply the appropriate permissions rather than remove permissions ...
    (Focus-Microsoft)