Re: Service accounts best practices
From: Roger Abell (mvpNOSpam_at_asu.edu)
Date: 06/22/05
- Previous message: Ferdie: "Re: Service accounts best practices"
- In reply to: Ferdie: "Re: Service accounts best practices"
- Next in thread: Ferdie: "Re: Service accounts best practices"
- Reply: Ferdie: "Re: Service accounts best practices"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 22 Jun 2005 00:24:12 -0700
Yes, I believe the MS.com links went live Friday night.
There is one more that may be of interest, dealing with making
admin access to servers happen only with smart card login (even
when that is the only use of smart cards in an infrastructure).
-- Roger Abell Microsoft MVP (Windows Security) "Ferdie" <ferdie@sand.rr.com> wrote in message news:eCsrZ4qdFHA.2664@TK2MSFTNGP15.phx.gbl... > Thanks for the links. FYI - I just saw these links on the GRC Security > forums. > > Looks like a good read. > > "Roger Abell [MVP]" <mvpNoSpam@asu.edu> wrote in message > news:OQA7ROhdFHA.2288@TK2MSFTNGP14.phx.gbl... > > Fredie, > > > > These are not going to cover that list, but may give some people > > some pause, if not food for thought. > > > > The Administrator Accounts Security Planning Guide > > http://www.microsoft.com/technet/security/topics/serversecurity/administratoraccounts/default.mspx > > > > The Services and Service Accounts Security Planning Guide > > http://www.microsoft.com/technet/security/topics/serversecurity/serviceaccount/default.mspx > > > > As I said, hot off the press, so I really have not had time to digest > > enough > > to be opinionated on these . . . > > > > -- > > Roger Abell > > Microsoft MVP (Windows Server: Security) > > > > > > "Ferdie" <ferdie@sand.rr.com> wrote in message > > news:uvZOXebdFHA.584@TK2MSFTNGP15.phx.gbl... > >> Take your time. > >> > >> Some issues that I'll be looking for in the guide: > >> > >> Best way to give DB Admins access to Enterprise Admin. > >> > >> Best way to give Backup Operators access. We don't have the Backup > >> Operators group. We're using W2K native mode. > >> > >> Best way to allow service accounts local access without access to log on > >> locally. > >> > >> Best way to allow service accounts to copy files between multiple > >> servers. > >> > >> Best way to allow Admins access to C$ shares. > >> > >> Best way to monitor access using a privileged account. > >> > >> > >> > >> "Roger Abell" <mvpNOSpam@asu.edu> wrote in message > >> news:OtQLxEadFHA.4040@TK2MSFTNGP14.phx.gbl... > >>> I'll try to give it a quick review today and forward link along > >>> (weekend :-) > >>> > >>> -- > >>> Roger > >> > >> > > > > > >
- Previous message: Ferdie: "Re: Service accounts best practices"
- In reply to: Ferdie: "Re: Service accounts best practices"
- Next in thread: Ferdie: "Re: Service accounts best practices"
- Reply: Ferdie: "Re: Service accounts best practices"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
