Re: Service accounts best practices

From: Ferdie (ferdie_at_sand.rr.com)
Date: 06/17/05 

Date: Fri, 17 Jun 2005 13:15:00 -0700

I need to be careful though. The DB group teaches me nice things like SQL
queries. I think if I just remove the right to log on locally to any box,
then that would reduce the vulnerability a little. Its a small step for
now, but a huge step in breaking the comfort level.

"Joe Richards [MVP]" <humorexpress@hotmail.com> wrote in message
news:%23ECPTKtcFHA.456@TK2MSFTNGP09.phx.gbl...
> Make them document exactly why they need domain admin. I have done this
> dance with several vendors. Generally they say that because they have no
> idea what their app needs nor why.
>
> joe
>
> --
> Joe Richards Microsoft MVP Windows Server Directory Services
> www.joeware.net
>
>
> Ferdie wrote:
>> Can someone point me to a guide to securing service accounts? I have
>> some accounts that require Domain Admin rights (or so they say), but
>> don't need to log on locally. I'd like to remove that right, so that
>> they don't use it to bypass the logical access control. There might be
>> some other issues that come up, so I might need a guide.
>>
>> Thanks,
>> Ferdie

Relevant Pages

  • Re: Service accounts best practices
    ... Make them document exactly why they need domain admin. ... Ferdie wrote: ... > Can someone point me to a guide to securing service accounts? ... so I might need a guide. ...
    (microsoft.public.win2000.security)
  • Service accounts best practices
    ... Can someone point me to a guide to securing service accounts? ... accounts that require Domain Admin rights, ... to bypass the logical access control. ...
    (microsoft.public.win2000.security)