Re: Password management policy when an admin left the company ?
- From: Meinolf Weber [MVP-DS] <meiweb(nospam)@gmx.de>
- Date: Tue, 9 Jun 2009 11:23:22 +0000 (UTC)
Hello Eric,
Without 2008 R2 in the future i don't know a tool. If you have them well documented it wan't be a big problem, do it one by one after working hours. If not i think you have to check any server which service account is used.
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
Thank you for your answers.
So ok we agree that I need to change the password when one of them
admins left the company (as the file is protected in a network storage
location yes).
now my question is "How can I easily change every passwords documented
when one admin left ?"
There is a big turnover so an automatic process should be better.
I have heard about a solution from Cyber Ark but it's quite expensive.
Thanks for your help.
P.S: I precise I dont have 2008 R2 servers and the ability to modify
easily services password accounts.
"Al Dunbar" <alandrub@xxxxxxxxxxx> wrote in message
news:#2OPXYJ6JHA.1432@xxxxxxxxxxxxxxxxxxxxxxx
"Eric" <Eric_m@xxxxxxxxxxxxxxxxxx> wrote in message[continued...]
news:mn.43b37d966b21b4b3.70874@xxxxxxxxxxxxxxxxxxxxx
Hello,What do you mean by "a protected file"? Is this a file on a server
we have approx 10 administrators in our company.
We have several domains, several admin and services accounts stored
in a
protected file.
to which all 10 admins have access?
Our problem is "What happens if one of the administrators left theAn interactive, personal admin account password should exist in only
company ?"
As he had access to the protected file containing every passwords,
he could be able to use it after he left the company.
What is your password management policy in this kind of situation ?
two places - in the actual account itself, and in the memory of the
admin account user. Nobody else has a reason to know the password.
The account should be disabled and/or the password reset when the
user leaves.
The only time anyone needs the password of a service account is when
the service is being configured. It needs to be
stored for future use in a way that discourages unauthorized use. One
way is in a sealed envelope in a vault under the control of someone
other than the admins.
Of course, you cannot make people actually forget passwords they have
known, so it might not be a bad idea to change all of the service
account passwords when an admin leaves. Of course, it is almost as
likely for an admin who is not leaving to go rogue on you, so this
could be overkill.
/Al
.
- References:
- Prev by Date: Re: Password management policy when an admin left the company ?
- Next by Date: Re: Where the applied The Hot Fix patches saved in Server2008 ?
- Previous by thread: Re: Password management policy when an admin left the company ?
- Index(es):
Relevant Pages
|
Loading
