Admin Accounts

From: Leo (
Date: 09/15/04

Date: Tue, 14 Sep 2004 21:38:27 -0400

My Co. has banned the use of privileged accounts (admin or Domain admin
group membership) for day to day use within the IT group. This is, of
course, a good idea but hard for most to swallow. The main argument is that
if your not doing work that requires Admin Priv then don't use the account.
Rather, use the 'Run As' function when Admin rights are necessary.

The Argument is that in the event of a worm infiltration if an IT person
gets infected it will not spread under the admin account but just a 'normal'
user account.

Is anyone else using this or similar practices? How did you sell it to the
IT rank and file? Any thoughts or consideration are appreciated.