OK, I must have logged in that way then. I was local that day, not remote. Very, very good to know...I have a couple more coming up next week.
<mc>

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
Sent: Saturday, January 28, 2006 4:15 PM
To: [email protected]
Subject: Re: [ActiveDir] SBSland folks ask Big server land people a question about the use and risk of the "500" account.

Windows 2003 sp1
Sharepoint sp1 [can use sp2 instead]
Exchange sp1 [can use sp2 instead]
XP sp2
SBS specific SP1 << this is the one we've found has needed the 500 account
-----------
If premium
SQL server 2000 sp4
ISA 2004 [must have media..CANNOT be done remotely]

Creamer, Mark wrote:

>What's the 5th part? I just did a full SBS sp1 install, and I *think* I ran everything under my own account - maybe not, but I generally do.
>
>As far as RDP, I usually disable everyone's ability to TS in, and enable only my own account. But I always change the port to some weird random number, just to thwart the majority of the script kiddies.
>
><mc>
>-----Original Message-----
>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
>Sent: Saturday, January 28, 2006 3:20 PM
>To: [email protected]
>Subject: Re: [ActiveDir] SBSland folks ask Big server land people a question about the use and risk of the "500" account.
>
>:-)
>
>Don't install the 5th part of the SBS sp1 service pack bundle then..... 'cause it kinda wants to be only run under that "500" account.
>
>I've got a SBSer installing WSUS under an alternative Admin account and the installs that he's done under the "500" account the computers check in just fine...the ones under the alternative account are having issues. He's applied the compression hotfix and done client side targeting and still no go. He's redoing the group policy settings under the "500" account now.
>
>Al Mulnick wrote:
>
>>I can honestly think of no plausible reason that any vendor I want to do business with would require that I use that or any specific account. There is never a time when that's acceptable. Wait. I want to be clear about this. There is never a time when it is acceptable to tell me that I MUST install and run under a specific named account.
>>
>>Any time I've been faced with that concept, I and my colleagues have always pushed back on the vendor to specify exactly what rights and any other pertinent details were needed. If they couldn't or otherwise wouldn't provide the details, then we emphatically recommend no sale. If that doesn't prevent the sale, we loop in the security folks to accept responsibility for the compliance and other security issues that this may introduce. If they were fine with it, then I no longer have a stake in the game for that. Instead, I now have a scapegoat for anything that goes wrong ;)
>>
>>There is never a time when it is acceptable to tell me that I MUST install and run under a specific named account. Never.
>>
>>
>>On 1/28/06, *Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]* <[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>> wrote:
>>
>>    There have been times in recent past that certain installs or applications only work under the "500" account aka the real admin account down here in SBSland.
>>
>>    In Big server land... do you also find this to be true with apps that need to be installed on the server?
>>
>>    For many of you you are obviously remote admin'ing.
>>
>>    Do you ..when using that 500 account... accept the risk of that Admin account/password over TS/3389?
>>
>>    Only over VPN? Only use that 500 account in certain vlans/subnets/whatevers that obviously we in SBSland never carve up our domain structures in?
>>
>>    For SOX purposes only have a documented use of that 500 account?
>>
>>    For all other times do you use admin equivalent?
>>
>>    --
>>    Letting your vendors set your risk analysis these days?
>>    http://www.threatcode.com
>>
>>    List info   : http://www.activedir.org/List.aspx
>>    List FAQ    : http://www.activedir.org/ListFAQ.aspx
>>    List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
