[NTSysADM] RE: domain admin account passwords management

2018-01-17 Thread Michael B. Smith
If the DA is in the root forest. From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Heaton, Joseph@Wildlife Sent: Wednesday, January 17, 2018 2:32 PM To: ntsysadm@lists.myitforum.com Subject: [NTSysADM] RE: domain admin account passwords management EA

[NTSysADM] RE: domain admin account passwords management

2018-01-17 Thread Heaton, Joseph@Wildlife
Smith Sent: Wednesday, January 17, 2018 12:15 PM To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com> Subject: [NTSysADM] RE: domain admin account passwords management Notice: This email is from an outside source. Please do not open any attachments, click on an

[NTSysADM] RE: domain admin account passwords management

2018-01-17 Thread Kennedy, Jim
...@lists.myitforum.com] On Behalf Of David McSpadden Sent: Wednesday, January 17, 2018 12:30 PM To: ntsysadm@lists.myitforum.com Subject: [NTSysADM] RE: domain admin account passwords management Agreed on all accounts. With that said how do we still manage the EA, DA, and SA accounts with the 90 day rotation

[NTSysADM] RE: domain admin account passwords management

2018-01-17 Thread Kennedy, Jim
This is easy. Your remove domain admin from your service accounts. That is unacceptable, insane...really bad. Take your pick. If they need more than local admin on the box they are running then you dig in and give them the perms they need. Any vendor that says we need domain admin for a

[NTSysADM] RE: domain admin account passwords management

2018-01-17 Thread Webster
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Michael B. Smith Sent: Wednesday, January 17, 2018 11:15 AM To: ntsysadm@lists.myitforum.com Subject: [NTSysADM] RE: domain admin account passwords management I would suggest you should only have 4 (maximum)

[NTSysADM] RE: domain admin account passwords management

2018-01-17 Thread David McSpadden
@lists.myitforum.com Subject: [NTSysADM] RE: domain admin account passwords management Notice: This email is from an outside source. Please do not open any attachments, click on any hyperlinks, or respond without first confirming the authenticity of the email. I would suggest you should only have 4 (maximum

[NTSysADM] RE: domain admin account passwords management

2018-01-17 Thread Michael B. Smith
I would suggest you should only have 4 (maximum) domain admin accounts. If Ford can get by with 4, so can you. And the actual Administrator account should have a disgustingly long password that is written down and put in a safe. I doubt highly that your service accounts need to be domain