+1 to no shared accounts at the admin level.
*ASB **http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker> *Providing Virtual CIO Services (IT Operations & Information Security) for the SMB market…* * GPG: *1AF3 EEC3 7C3C E88E B0EF 4319 8F28 A483 A182 EF3A On Thu, Dec 24, 2015 at 2:29 PM, Kurt Buff <[email protected]> wrote: > One person, multiple accounts, no shared accounts. > > And it's damned unlikely that he'd need EA for any task, unless he's > extending the schema, which happens only very rarely. He's going to > have to justify that he needs it for the task. > > I can see having the DA account also be an EA, if only because in so > many configurations it's just a matter of the DA adding the > membership, but not vice versa. > > Kurt > > On Thu, Dec 24, 2015 at 9:59 AM, Heaton, Joseph@Wildlife > <[email protected]> wrote: > > I’ve been approached recently to put one of my admins into the Enterprise > > Admins group, because he used to have it, and thought he needed it for a > > specific task. We recently cleaned up this group, and I’m hesitant to > > re-add another admin, especially on the basis of “I used to have it”. We > > currently are down to 3 users in the group, myself and two others. The > > accounts used are our admin accounts, which are Domain Admins in > addition to > > Enterprise Admins. What I was wondering is this: > > > > > > > > Should we actually be using unique accounts just for the Enterprise Admin > > role, or is the way we have it ok? Should we instead have a service > account > > placeholder in the Enterprise Admin group, and use that to either do > > whatever work needs done, or to add ourselves as needed? I’d love to > hear > > what everyone out there is doing. > > > > > > > > Thanks, > > > > > > > > Joe Heaton > > > > Information Technology Operations Branch > > > > Data and Technology Division > > > > CA Department of Fish and Wildlife > > > > 1700 9th Street, 3rd Floor > > > > Sacramento, CA 95811 > > > > Desk: (916) 323-1284 > > > > > > > > Every Californian should conserve water. > > >
