Re: Multiple administrator
From: Karl Levinson [x y] mvp (jamescagney90210@excite.com)
Date: 11/29/02
- Next message: Karl Levinson [x y] mvp: "Re: How do you secure a server running win2k-server?"
- Previous message: Karl Levinson [x y] mvp: "Re: EFS Recovery"
- In reply to: Alder: "Re: Multiple administrator"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Karl Levinson [x y] mvp" <jamescagney90210@excite.com> Date: Fri, 29 Nov 2002 09:54:06 -0500
I agree with the previous posts. Don't use a shared administrator account,
there's no accountability there. One typical method is to give each
administrator a second account [like jsmith and jsmith2] so that they log in
as a normal user [jsmith] most of the time and just use RUNAS to perform
administrator tasks using their second admininstrator-equivalent account
[e.g. jsmith2].
"Alder" <alder.must@mail.ee> wrote in message
news:as7r25$ta$1@news.eenet.ee...
> I think that there is more better to use own accounts. Because it's clear
> who can do what, and also for log detection . As it's known , that all
> administrators haven't same administrative rights, it's also possible to
> implement delegated administration.
> Also use policy to rename administrator account and use logon script to
use
> for account misuse detection.
>
>
> "Iikka Meriläinen" <Iikka.Merilainen@pato.vaala.fi> wrote in message
> news:u#eLqwxlCHA.1912@tkmsftngp04...
> > Hi!
> >
> > This is a difficult question to which no single correct answer exists.
> >
> > However, I personally use my own account which is a member of Domain
> Admins,
> > and preserve the _real_ Administrator account along with any copies of
it
> > for those situations my own profile screws up or something else strange
> > happens. This is also better when you don't want to share your admin
> > password to many people. In my organization there are about ten Domain
> > Admins members total of which only two (me and the director) know the
real
> > admin password. Thus you have a better control of who _has_
administrative
> > privileges, either via the administrator password or via their own
logins.
> >
> > If it's practical in your case, you can also use your normal accounts
> > without any administrative privileges and use the 'runas' functionality
> when
> > you need elevated privileges for some single process. I've tried it, but
> it
> > didn't work as smoothly as I expected.
> >
> > You could also have administrative privileges for your own accounts and
> then
> > use the real Administrator login as an emergency way out of problems.
For
> > example, make a nine-character password and make sure each of those
three
> > people know three different letters of the password. Then you can
> > cooperatively decide when the backup login is needed. This is for
> paranoids,
> > but many organizations have this policy.
> >
> > --
> > Best regards,
> >
> > Iikka Meriläinen
> > Vaala, Finland
> > ==================================================
> > Please reply to the newsgroup only so that others can learn from this
> issue.
> > This message is provided "as is", with absolutely no warranties.
> > ==================================================
> > "Philippe Aymer" <aymerphilippe@hotmail.com> wrote in message
> > news:47971ff0.0211281139.565d358f@posting.google.com...
> > > Hi,
> > >
> > > we are 3 server admins in a Win2000 network. What is better:
> > >
> > > - to log in as "administrator" each time we need to be admin,
> > > - to give our user account the "admin rights"
> > > - other ?
> > >
> > > Thanks!
> > >
> > > --
> > > Philippe Aymer
> >
> >
>
>
- Next message: Karl Levinson [x y] mvp: "Re: How do you secure a server running win2k-server?"
- Previous message: Karl Levinson [x y] mvp: "Re: EFS Recovery"
- In reply to: Alder: "Re: Multiple administrator"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
