Re: How to secure the Administrator account?
From: Chuck (cacrollthespam_at_yahoo.com)
Date: 10/26/03
- Next message: anonymous_at_discussions.microsoft.com: "Re: Administrator does not have sufficient security to unsinstall"
- Previous message: David Cross [MS]: "Re: Smart Card logon"
- In reply to: David M. Streb, MCSE: "How to secure the Administrator account?"
- Next in thread: David M. Streb, MCSE: "Re: How to secure the Administrator account?"
- Reply: David M. Streb, MCSE: "Re: How to secure the Administrator account?"
- Reply: David M. Streb, MCSE: "Re: How to secure the Administrator account?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 26 Oct 2003 11:07:07 -0600
On Sun, 26 Oct 2003 07:40:55 -0800, "David M. Streb, MCSE"
<exiis@hotmail.com> wrote:
>Here's a question I've never really investigated until recently; I'm hoping
>I'm missing something...
>
>Administrator Account: We regularly rename and place strong passwords onto
>this account. This account is limited to the most trusted employee of the
>company and never to the normal "administrator" of the network.
>
>Domain Admins: This is the regular, day-to-day account we assign to the
>full-time administrator.
>
>Problem: Members of the "Domain Admins" group are permitted to rename,
>reset, and change the "Administrator" account, as well as change group
>membership for both the "Administrators" and the "Domain Admins" members. In
>other words, a lower, less-trusted administrator is free to do whatever he
>feels to the most trusted account--it doesn't make sense.
1) As you pointed out, your employees have to have system authority
necessary to do their job, balancing the need to maintain network
access against the need to keep the network secure.
2) You have to have employees you can trust, and a written security
policy to let them know what they may and may not do.
3) You have to have an audit trail you can trust, and review the
audit reports frequently enough that you see all events that concern
you, promptly enough to take action effectively.
4) You have to put the fear into your employees, and fire the first
who violates security policy.
Chuck
I hate spam - PLEASE get rid of the spam before emailing me!
Paranoia comes from experience - and is not necessarily a bad thing.