Re: Urgent - Stop shutdown command from shuting down domain statio
From: Desmond Lee (mcp_at_donotspamplease.mars)
Date: 12/14/04
- Next message: Desmond Lee: "RE: NTFS & Share permissions"
- Previous message: Desmond Lee: "Re: Apparent NetBIOS Attack - How Dangerous?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 14 Dec 2004 03:09:02 -0800
Good strategic call!
It bridges the gap between technical (almost nothing is impossible) vs what
business really understands or cares about like SOX (or need to be educated
if not).
"Roger Abell [MVP]" wrote:
> That is tough.
> Consider that "the Administrator" of the first DC is by the predefined
> default recovery agent for EFS
> I would suggest that you use this fact, that the (currently shared?)
> Administrator account has special properties, and (if you are a US firm)
> use the privacy of financial records laws, to motivate defining accounts
> for privileged use. Indicate that this is to assure accountability via the
> logging. Then, define accounts (not necessarily members of either the
> Administrators group or the Domain Admins group) that have delegated
> what is needed for the tasks to be done.
> Outline that transitioning to the use of personally unique privileged
> accounts
> is an essential part of a strategy for securing the environment and for
> complying with US laws.
> --
> Roger Abell
> Microsoft MVP (Windows Server System: Security)
> MCDBA, MCSE W2k3+W2k+Nt4
> "Mac" <newsgroupRemove@Removehost111.com> wrote in message
> news:eRMum9R4EHA.2316@TK2MSFTNGP15.phx.gbl...
> > Hello,
> >
> > Actually he is vice president of a bank with 300 branches and I can
> > never win if I announce this. I'd rather stop this quietly.
> >
> > Regards,
> > Mac
>
>
>
- Next message: Desmond Lee: "RE: NTFS & Share permissions"
- Previous message: Desmond Lee: "Re: Apparent NetBIOS Attack - How Dangerous?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
