Re: W2k3 - Recover from lost Domain Admin passwords
From: Ulf B. Simon-Weidner (nospam2-ulf_at_usw-consulting.com)
Date: 01/25/04
- Next message: Chriss3: "Re: Account Lockout Policy"
- Previous message: DJA: "User password List"
- In reply to: Laura A. Robinson [MVP]: "Re: W2k3 - Recover from lost Domain Admin passwords"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sun, 25 Jan 2004 17:56:39 +0100
Laura A. Robinson [MVP] says...
> circa Sun, 25 Jan 2004 00:33:43 +0100, in
> microsoft.public.windows.server.security, Ulf B. Simon-Weidner
> (nospam2-ulf@usw-consulting.com) said,
> > Hello Robert,
> >
> > your passwords are more easily compromised if you leave this whole open.
> >
> > If you are all for security, then I'd create a domain admin password which is
> > totally random, and something like 30-50 letters. Print it out, and put it into
> > a safe. Don't use the domain admin account, but create admin accounts which are
> > individual per user. Give them just the rights they need. Educate them not to
> > log on with their adminaccount, but their useraccount and use RunAs for
> > administrative Tasks. Change the domain admin account quite frequently - like
> > once a month (every other month should be OK as well, if you use about 50
> > letters). Treat the service accounts like your domain admin account.
> >
> Ulf, you're a man after my own heart. :-)
>
> Laura
>
:-)
Gruesse - Sincerely,
Ulf B. Simon-Weidner
- Next message: Chriss3: "Re: Account Lockout Policy"
- Previous message: DJA: "User password List"
- In reply to: Laura A. Robinson [MVP]: "Re: W2k3 - Recover from lost Domain Admin passwords"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
