Re: Multiple administrator
From: Alder (alder.must@mail.ee)
Date: 11/29/02
- Next message: Chris Dove: "Encrypting Offline Files"
- Previous message: DIANA TURNER: "EFS Recovery"
- In reply to: Iikka Meriläinen: "Re: Multiple administrator"
- Next in thread: Karl Levinson [x y] mvp: "Re: Multiple administrator"
- Reply: Karl Levinson [x y] mvp: "Re: Multiple administrator"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Alder" <alder.must@mail.ee> Date: Fri, 29 Nov 2002 15:45:40 +0200
I think that there is more better to use own accounts. Because it's clear
who can do what, and also for log detection . As it's known , that all
administrators haven't same administrative rights, it's also possible to
implement delegated administration.
Also use policy to rename administrator account and use logon script to use
for account misuse detection.
"Iikka Meriläinen" <Iikka.Merilainen@pato.vaala.fi> wrote in message
news:u#eLqwxlCHA.1912@tkmsftngp04...
> Hi!
>
> This is a difficult question to which no single correct answer exists.
>
> However, I personally use my own account which is a member of Domain
Admins,
> and preserve the _real_ Administrator account along with any copies of it
> for those situations my own profile screws up or something else strange
> happens. This is also better when you don't want to share your admin
> password to many people. In my organization there are about ten Domain
> Admins members total of which only two (me and the director) know the real
> admin password. Thus you have a better control of who _has_ administrative
> privileges, either via the administrator password or via their own logins.
>
> If it's practical in your case, you can also use your normal accounts
> without any administrative privileges and use the 'runas' functionality
when
> you need elevated privileges for some single process. I've tried it, but
it
> didn't work as smoothly as I expected.
>
> You could also have administrative privileges for your own accounts and
then
> use the real Administrator login as an emergency way out of problems. For
> example, make a nine-character password and make sure each of those three
> people know three different letters of the password. Then you can
> cooperatively decide when the backup login is needed. This is for
paranoids,
> but many organizations have this policy.
>
> --
> Best regards,
>
> Iikka Meriläinen
> Vaala, Finland
> ==================================================
> Please reply to the newsgroup only so that others can learn from this
issue.
> This message is provided "as is", with absolutely no warranties.
> ==================================================
> "Philippe Aymer" <aymerphilippe@hotmail.com> wrote in message
> news:47971ff0.0211281139.565d358f@posting.google.com...
> > Hi,
> >
> > we are 3 server admins in a Win2000 network. What is better:
> >
> > - to log in as "administrator" each time we need to be admin,
> > - to give our user account the "admin rights"
> > - other ?
> >
> > Thanks!
> >
> > --
> > Philippe Aymer
>
>
- Next message: Chris Dove: "Encrypting Offline Files"
- Previous message: DIANA TURNER: "EFS Recovery"
- In reply to: Iikka Meriläinen: "Re: Multiple administrator"
- Next in thread: Karl Levinson [x y] mvp: "Re: Multiple administrator"
- Reply: Karl Levinson [x y] mvp: "Re: Multiple administrator"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
