Re: How to secure the Administrator account?

From: David M. Streb, MCSE (exiis_at_hotmail.com)
Date: 10/27/03

• Next message: David M. Streb, MCSE: "Re: How to secure the Administrator account?"
• Previous message: Dmitry Kulshitsky: "RE: Updates and real microsoft?"
• In reply to: Chuck: "Re: How to secure the Administrator account?"
• Next in thread: Steven L Umbach: "Re: How to secure the Administrator account?"
• Reply: Steven L Umbach: "Re: How to secure the Administrator account?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Sun, 26 Oct 2003 22:17:13 -0800

Thanks Guys!
For a moment I thought I was losing it...

So, why isn't the "Admins" the "Admin"? The final authority? Is it not
possible? What's the equivalent in other systems like Unix and Sun? Or are
they faced with the same challenges?

-- 
David M. Streb, MCSE
Microsoft Certified Partner
Specializing in Exchange
and FrontPage Hosting
http://www.exiis.net
Dave at exiis dot net
"Chuck" <cacrollthespam@yahoo.com> wrote in message
news:h8vnpvgd9jjhq12bq4qd9jnj57jrp3mklf@4ax.com...
> On Sun, 26 Oct 2003 07:40:55 -0800, "David M. Streb, MCSE"
> <exiis@hotmail.com> wrote:
>
> >Here's a question I've never really investigated until recently; I'm
hoping
> >I'm missing something...
> >
> >Administrator Account: We regularly rename and place strong passwords
onto
> >this account. This account is limited to the most trusted employee of the
> >company and never to the normal "administrator" of the network.
> >
> >Domain Admins: This is the regular, day-to-day account we assign to the
> >full-time administrator.
> >
> >Problem: Members of the "Domain Admins" group are permitted to rename,
> >reset, and change the "Administrator" account, as well as change group
> >membership for both the "Administrators" and the "Domain Admins" members.
In
> >other words, a lower, less-trusted administrator is free to whatever he
> >feels to the most trusted account--it doesn't make sense.
>
> 1)  As you pointed out, your employees have to have system authority
> necessary to do their job, balancing the need to maintain network
> access against the need to keep the network secure.
>
> 2)  You have to have employees you can trust, and a written security
> policy to let them know what they may and may not do.
>
> 3)  You have to have an audit trail you can trust, and review the
> audit reports frequently enough that you see all events that concern
> you, promptly enough to take action effectively.
>
> 4)  You have to put the fear into your employees, and fire the first
> who violates security policy.
>
> Chuck
> I hate spam - PLEASE get rid of the spam before emailing me!
> Paranoia comes from experience - and is not necessarily a bad thing.

---

• Next message: David M. Streb, MCSE: "Re: How to secure the Administrator account?"
• Previous message: Dmitry Kulshitsky: "RE: Updates and real microsoft?"
• In reply to: Chuck: "Re: How to secure the Administrator account?"
• Next in thread: Steven L Umbach: "Re: How to secure the Administrator account?"
• Reply: Steven L Umbach: "Re: How to secure the Administrator account?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(10)