Also limit the knowledge of the service account password to two individuals (pleasant reason: in case you need it when one of them is on vacation; real reason: in case one of them gets ran over by a truck). Make sure that these two individuals are not among the bozos that currently abuse the account. If the password leaks out to other people, change it immediately and warn the people who gave it away and tell them they won't get another warning.
Another thing you definitely have to do is to make sure that the people who know the Exchange Service account password have equal or more rights on the network with their own id (or whatever administration id you assign them). Otherwise, they will always be tempted to use the Exchange Service account to bypass "difficulties". One last advice, document all the decisions you make in a service account usage policy and have IT management sign off on it. S. -----Original Message----- From: Tony Hlabse [mailto:[EMAIL PROTECTED]] Sent: Thursday, November 01, 2001 1:53 PM To: Exchange Discussions Subject: Re: Exchange Password Ditto make an Exchange admin group. Better way to go. ----- Original Message ----- From: "Martin Blackstone" <[EMAIL PROTECTED]> To: "Exchange Discussions" <[EMAIL PROTECTED]> Sent: Thursday, November 01, 2001 1:41 PM Subject: RE: Exchange Password > Well, you could change the service account password, but you will want > to read up on that before doing it. There are some procedures to follow. > Once you do that, one person and one person only should have that > password. > As for having users with Exch admin privileges, create a global group, > call it Exch admins. Give the group the appropriate rights in the > EXAdmin program, then add and remove users from that group as needed. > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]] On Behalf Of Smith Thomas > Contr 911 SPTG/SC > Sent: Thursday, November 01, 2001 10:33 AM > To: Exchange Discussions > Subject: Exchange Password > > > hi, > we have some administrators that uses the exchange account password. > is there a way of securing it, due to negligence and abuse. I just > started at this company and that is the way admins login in to exchange, > even though they do not have exchange experience, somebody can login and > screw smoething up and i won't know who it is , because of the use of > the exchange account. > > > > > thanks > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]
