Re: Forgot password option for users (process)

From: Doug Knox MS-MVP (dknox_at_mvps.org)
Date: 09/09/05 

Date: Fri, 9 Sep 2005 17:23:29 -0400

I don't deal with domains, other than our IT department, and they always insist it takes a domain admin account. I'll defer to your experience in this. 

-- 
Doug Knox, MS-MVP Windows Media Center\Windows Powered Smart Display\Security
Win 95/98/Me/XP Tweaks and Fixes
http://www.dougknox.com
--------------------------------
Per user Group Policy Restrictions for XP Home and XP Pro
http://www.dougknox.com/xp/utils/xp_securityconsole.htm
--------------------------------
Please reply only to the newsgroup so all may benefit.
Unsolicited e-mail is not answered.
 
"Robert Moir" <robspamtrap+msnews@gmail.com> wrote in message news:%23GOS5RYtFHA.3720@TK2MSFTNGP14.phx.gbl...
> Doug Knox MS-MVP wrote:
>> The only other option is to have the Help Desk use a domain admin
>> account and reset the password, with all the usual warnings about
>> encrypted files, encrypted e-mails and stored browser passwords.
> 
> There are a good few options out there, some of which I outline in my other 
> reply on this thread. In a properly managed domain environment, which is 
> what I'd expect an "enterprise" network to be, things like EFS encryption 
> should be very well managed so that the IT team can either recover such 
> documents if something happens to the original account or EFS should be 
> hobbled so that users can't turn it on and burn themselves.
> 
> Incidentally, since Win 2000, when ever has a frontline helpdesk call 
> handler needed domain admin to simply reset a password?
> 
> -- 
> -- 
> Rob Moir
> Website - http://www.robertmoir.co.uk
> Virtual PC 2004 FAQ - http://www.robertmoir.co.uk/win/VirtualPC2004FAQ.html
> Kazaa - Software update services for your Viruses and Spyware. 
> 
>

Relevant Pages

  • Re: Forgot password option for users (process)
    ... > The only other option is to have the Help Desk use a domain admin ... > account and reset the password, with all the usual warnings about ... what I'd expect an "enterprise" network to be, things like EFS encryption ... documents if something happens to the original account or EFS should be ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Finding a Hacker
    ... definitely had the capability to obtain the domain admin credentials and may ... If the hacker did get in remotely using an administrator account on the ... Your problem is not restricting remote desktop connections. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Need to filter domain admin from GPO
    ... But think always about the part that a deny is the highest blocking you set and if you forget that you have set a deny or you are not in and someone else have to search for errors, it will be really heavy to find it. ... It's best practice to use a 2nd administrator account as your ... Block inheritance (I would have to move the domain admin from ... particular GPO using ACL deny. ...
    (microsoft.public.windows.group_policy)
  • Re: Administrator--Client installation account problem
    ... I stated the account was only required to be a ... Of course if it is a domain admin that works also. ... Jeff said to use a Regular domain user, ... You do not have to be in advanced security to push the client. ...
    (microsoft.public.sms.admin)
  • Re: Need to filter domain admin from GPO
    ... Normally Block inheritance works fine. ... What GPO setting do you like to filter? ... It's best practice to use a 2nd administrator account as your regular ... Block inheritance (I would have to move the domain admin from ...
    (microsoft.public.windows.group_policy)