Re: Impact on how to keep a blueprint of my Ad structure, network structure on servers

From: Robert Moir (bofh_at_mvps.org)
Date: 10/19/03

• Next message: Robert Moir: "Re: norton anti-virus"
• Previous message: anonymous_at_discussions.microsoft.com: "Re: help someone please"
• In reply to: Marlon Brown: "Impact on how to keep a blueprint of my Ad structure, network structure on servers"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Sun, 19 Oct 2003 11:29:07 +0100

Marlon Brown wrote:
> I work as a sysadmin for a 2,000 node organization. I created
> documentation where I list changes on AD structure (such as
> delegation of rights, schema modifications, domain admin usernames)
> and I am wondering how bad would be keep that word file on a folder
> where only domain admins could access it. I would never keep a file
> with passwords on a networked server and I would like to confirm how
> you approach that type of structure information file on the 'network'
> ?

I wouldn't keep a list of domain admin passwords on the network at all. I'd
print it off and put it in a sealed envelope in a safe thats operated by
someone you trust and which you can get access to, if you must have them
written down like that. If I didn't have a suitable safe (e.g. a
departmental tape safe would do) I'd buy one.

As for the document itself, without the passwords, I would keep it in a
secure folder on a server without too much problems. If you are that worried
you could also save it to a CD/RW or even a USB drive and then place it in
another sealed envelope in that safe I just talked about.

-- 
-- 
Rob Moir
Microsoft MVP for servers & security
http://www.robertmoir.co.uk

---

• Next message: Robert Moir: "Re: norton anti-virus"
• Previous message: anonymous_at_discussions.microsoft.com: "Re: help someone please"
• In reply to: Marlon Brown: "Impact on how to keep a blueprint of my Ad structure, network structure on servers"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Is VMS Security being dumbed-down for Java? ... RTL calls are not safe from inner-mode ... But if the VMS documentation set did not consistently refer to ... exec-based system services are not generally considered supported. ... Privileged shareable images, also known as user-written ... (comp.os.vms) Re: Winsock 10061 ... or some kind of permissions issue relative to resolving the IP -- the socket ... DevDiagnostics With Safe For Scripting, ... > Host not found" when trying to connect to our server. ... I had her edit the hosts file to add an entry for our server. ... (microsoft.public.vb.controls.internet) Re: Turn off services outside the Windows ... In regards to Safe mode, it was not about the issue, I am able to get into ... And now I am able to log on that server, ... I suspect the Exchange info store service is the cause. ... (microsoft.public.windows.server.general) RE: local admin account password ... Subject: local admin account password ... what was they process for when a server was built/rebuilt. ... In this case we would have the safe open every few ... Our particular set up employed a safe which required 2 keys to open. ... (Focus-Microsoft) Re: ManualResetEvent not thread safe?? ... This type is safe for multithreaded operations. ... Any instance members are not guaranteed to ... > Is a general statement placed in the documentation for ALL ... (microsoft.public.dotnet.languages.csharp)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(10)