Re: Admin Accounts

From: andy smart (anonymus_at_discussions.microsoft.com)
Date: 09/16/04


Date: Thu, 16 Sep 2004 10:01:30 +0100


Leo wrote:

| My Co. has banned the use of privileged accounts (admin or Domain admin
| group membership) for day to day use within the IT group. This is, of
| course, a good idea but hard for most to swallow. The main argument is that
| if you're not doing work that requires Admin Priv then don't use the account.
| Rather, use the 'Run As' function when Admin rights are necessary.
|
| The Argument is that in the event of a worm infiltration if an IT person
| gets infected it will not spread under the admin account but just a 'normal'
| user account.
|
| Is anyone else using this or similar practices? How did you sell it to the
| IT rank and file? Any thoughts or consideration are appreciated.
|
| Leo
|
|
Actually, I can sympathise with this.

If 'day to day' use is network management then pretty much everything
you do requires admin rights. In a school pretty much all of our routine
work involves messing around with other users' accounts and permissions :-)