Use account that has enough permissions to do the job, but when possible is
not a member of administrator group (I guess that would be ideal). There are
lot of scenarios where this won't work (e.g. administering IIS -- you will
need to be local admin).
I would recommend you to use account that is only member of local
administrator group and is not built-in administrator or member of domain
administrator group.
Each user administering the server should have its own account. In case that
someone does something bad, you should have a pretty good idea who, or at
least with which account.
If you really want to get secure then logon to the server with an account
that is ordinary user (not member of local administrator group on the server
and then use "runas" to run an application as administrator.
If server is member of domain then logon to domain. That is the point of
single account management ;-).
Re: FIRED IT ADMIN HAS LOCKED US OUT OF SBS ... you have risen to an Administrator this would be a given. ...server and run all LOB apps on these. ... If there are no encrypted files, just reset the DSRM account... (microsoft.public.windows.server.sbs)
Re: FIRED IT ADMIN HAS LOCKED US OUT OF SBS ...Teneo> Interesting post and Im now gonna be a party pooper... ... connections) before cutting power to the server and to the Internet ... If there are no encrypted files, just reset the DSRM account... and try old domain Administrator account's passwords. ... (microsoft.public.windows.server.sbs)
Re: Remote desktop: cannot copy files why still not working ... I created a new user on the XP box, set as an administrator... this new user account is local to the XP system, ... In my environment, when I do an RDP connection to a server, I first log ... member of the local administrators group on the server. ... (microsoft.public.windows.server.security)
Re: Remote desktop: cannot copy files why still not working ... this new user account is local to the XP system, and a member of the local administrator's group on that workstation. ... In my environment, when I do an RDP connection to a server, I first log on to the xp workstation using my regular, non-privileged domain account, run mstsc, and then logon to the server using a domain account that is a member of the local administrators group on the server. ... In addition, I frequently use runas to run privileged applications on the workstation using my "administrator" account, and have found that files cannot be copied between those applications and anything running under the credentials of my regular account - even though my administrator account actually does have full access to everything on the workstation - just not through my regular account's view of that workstation. ... (microsoft.public.windows.server.security)
Re: Shared Fax device not available anymore after reboot server!?! ... the error message one by one to the Newsgroup for accurate research. ... You can send fax by using Administrator account.... after the reboot of the server no account is able to fax anaymore. ... (microsoft.public.windows.server.sbs)
