Why can't you start explorer using runas? Shortcut to
the desktop for explorer.exe. Shift+Right-click, runas,
etc...
What about term services? You can always go that
route as well if it's sensitive data.
We have the separate accounts as a best practice vs. a
compliance issue. The best practice came first. With minor
exceptions, it works fine to date. YMMV due to particular cultural and
infrastructure changes, but that's going to be for any change as far as I'm
concerned.
Al From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Fugleberg, David A Sent: Thursday, June 24, 2004 9:53 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Sarbannes Oxley compliance We try
to maintain a least privilege model, and are in the process of tightening down
further. 'Best practices' that you often read about suggest each admin
have a 'break glass' kind of administrative account seperate from
their 'day-to-day user' account. We're moving in that direction. One
of the issues there seems to be that admins are used to managing files and
setting NTFS permissions via Explorer...as far as I know, you can't just start
up a new explorer with Runas. I suppose they could use CACLS from a
command prompt, but most want a GUI.
So
I'll add that to Mark's original question...how do y'all approach that if you
use seperate 'admin' accounts for your admins ?
Dave
|
- [ActiveDir] Sarbannes Oxley compliance Creamer, Mark
- RE: [ActiveDir] Sarbannes Oxley compliance Raymond McClinnis
- RE: [ActiveDir] Sarbannes Oxley compliance joe
- Re: [ActiveDir] Sarbannes Oxley compliance [EMAIL PROTECTED]
- RE: [ActiveDir] Sarbannes Oxley compliance Fugleberg, David A
- Re: [ActiveDir] Sarbannes Oxley compliance Brent Westmoreland
- RE: [ActiveDir] Sarbannes Oxley compliance Mulnick, Al
- RE: [ActiveDir] Sarbannes Oxley compliance Menten, Jeff
- RE: [ActiveDir] Sarbannes Oxley compliance Sunil Gupta
- RE: [ActiveDir] Sarbannes Oxley compliance Justin_Leney