Re: W2k3 - Recover from lost Domain Admin passwords
From: Laura A. Robinson [MVP] (geekwench_at_snippit.hotmail.com)
Date: 01/25/04
- Next message: DJA: "User password List"
- Previous message: Laura A. Robinson [MVP]: "Re: Account Lockout Policy"
- In reply to: Ulf B. Simon-Weidner: "Re: W2k3 - Recover from lost Domain Admin passwords"
- Next in thread: Ulf B. Simon-Weidner: "Re: W2k3 - Recover from lost Domain Admin passwords"
- Reply: Ulf B. Simon-Weidner: "Re: W2k3 - Recover from lost Domain Admin passwords"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sun, 25 Jan 2004 11:03:17 -0500
circa Sun, 25 Jan 2004 00:33:43 +0100, in
microsoft.public.windows.server.security, Ulf B. Simon-Weidner
(nospam2-ulf@usw-consulting.com) said,
> Hello Robert,
>
> your passwords are more easily compromised if you leave this whole open.
>
> If you are all for security, then I'd create a domain admin password which is
> totally random, and something like 30-50 letters. Print it out, and put it into
> a safe. Don't use the domain admin account, but create admin accounts which are
> individual per user. Give them just the rights they need. Educate them not to
> log on with their adminaccount, but their useraccount and use RunAs for
> administrative Tasks. Change the domain admin account quite frequently - like
> once a month (every other month should be OK as well, if you use about 50
> letters). Treat the service accounts like your domain admin account.
>
Ulf, you're a man after my own heart. :-)
Laura
- Next message: DJA: "User password List"
- Previous message: Laura A. Robinson [MVP]: "Re: Account Lockout Policy"
- In reply to: Ulf B. Simon-Weidner: "Re: W2k3 - Recover from lost Domain Admin passwords"
- Next in thread: Ulf B. Simon-Weidner: "Re: W2k3 - Recover from lost Domain Admin passwords"
- Reply: Ulf B. Simon-Weidner: "Re: W2k3 - Recover from lost Domain Admin passwords"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
