Re: administrator
From: Miha Pihler [MVP] (mihap-news_at_atlantis.si)
Date: 10/18/05
- Next message: Roger Abell [MVP]: "Re: Disable Administrator Login in a W2K Domain"
- Previous message: Joe Kaplan \(MVP - ADSI\): "Re: Access Control to LDAP on AD?"
- Next in thread: Roger Abell [MVP]: "Re: administrator"
- Maybe reply: Roger Abell [MVP]: "Re: administrator"
- Maybe reply: Steven L Umbach: "Re: administrator"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 18 Oct 2005 21:00:16 +0200
No, but I can say that this is not a bad policy -- especially if you have
time to prepare for it.
Identify all the services on all servers or client computers that might run
under this account and start running them under another account -- account
that is not member of domain administrators group if possible (give account
only permissions that it needs to run that service - least privilege).
Using a Least-Privileged User Account
http://www.microsoft.com/technet/security/secnews/articles/lpuseacc.mspx
After you do this, you shouldn't have any problems changing Administrator
password regularly.
-- Mike Microsoft MVP - Windows Security "frank" <frank@discussions.microsoft.com> wrote in message news:73590776-C4CF-45A7-AF5D-653FBB483ACF@microsoft.com... > Our company had a recent audit and part of the report explain the > administrator accounts needs to renamed and set to change password > I have renamed but I am hesitating on uncheck never change password is > there > a link which show why/why not it should be set at never change password > > > Thanks for the help >
- Next message: Roger Abell [MVP]: "Re: Disable Administrator Login in a W2K Domain"
- Previous message: Joe Kaplan \(MVP - ADSI\): "Re: Access Control to LDAP on AD?"
- Next in thread: Roger Abell [MVP]: "Re: administrator"
- Maybe reply: Roger Abell [MVP]: "Re: administrator"
- Maybe reply: Steven L Umbach: "Re: administrator"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
