Yes it will, as you are effectively just using OneDrive as a replication medium.
I treat all cloud storage as a replication point as I operate under the assumption all cloud data can dissappear without notice. Critical data I have the original, a local copy (at minimum in a seperate physical device), and a cloud copy. Backups are disk to disk to cloud. Put another way, I use the cloud as protection from a regional event that wipes out my local data and local copies. Dave Lum - [email protected] Sent from mobile device, please pardon the brevity. > On Oct 9, 2014, at 7:13 PM, Jon Harris <[email protected]> wrote: > > Dave will KeePass installed locally work with the cloud based database? I > have been thinking of doing that but my oldness keeps telling me to ignore > convenience for safety. > > Jon > > > Date: Thu, 9 Oct 2014 19:06:53 -0700 > > Subject: Re: [NTSysADM] Windows Service account management > > From: [email protected] > > To: [email protected] > > > > Probably safer than a web/cloud-based service (LastPass, et al) where > > the database isn't under your direct control, as long as you have a > > good password on the database. > > > > Kurt > > > > On Thu, Oct 9, 2014 at 7:00 PM, Dave Lum <[email protected]> wrote: > > > LOL –I store mine in Keepass…on my OneDrive. > > > > > > > > > > > > From: [email protected] > > > [mailto:[email protected]] > > > On Behalf Of Jon Harris > > > Sent: Thursday, October 09, 2014 3:43 PM > > > To: [email protected] > > > Subject: RE: [NTSysADM] Windows Service account management > > > > > > > > > > > > I really dislike the idea of storing my passwords and user IDs in the > > > cloud. > > > That is why I use KeePass. It would be more convenient out in the cloud > > > but > > > just my dislike and distrust of cloud based stuff. Yeah, yeah OLD foggy I > > > know. > > > > > > Jon > > > > > > > > > ________________________________ > > > > > > From: [email protected] > > > To: [email protected] > > > Subject: RE: [NTSysADM] Windows Service account management > > > Date: Thu, 9 Oct 2014 15:33:02 +0000 > > > > > > LastPass runs on all of those platforms and my Kindle :-D > > > > > > > > > > > > Actually I can’t vouch for WP because I don’t have one but it’s supported > > > and it does run just fine on my RT tablet. > > > > > > > > > > > > Also has a level of enterprise support & secure password sharing facility. > > > > > > > > > > > > Not a substitute for a full blown on-prem password vaulting solution[1] > > > but > > > it can solve a lot of problems > > > > > > > > > > > > [1] Which still has some of the inherent shortcomings mentioned in this > > > thread but can close a lot of gaps. We have 10’s of thousands of root and > > > administrator accounts that are now unique & fully managed. > > > > > > > > > > > > From: [email protected] > > > [mailto:[email protected]] > > > On Behalf Of Jon Harris > > > Sent: Wednesday, October 08, 2014 4:46 PM > > > > > > > > > To: [email protected] > > > Subject: RE: [NTSysADM] Windows Service account management > > > > > > > > > > > > KeePass does not appear to have a version to work on Windows RT or phones > > > YET. I hope they do eventually get there though. > > > > > > Jon > > > > > > > > >> Date: Wed, 8 Oct 2014 15:00:41 -0700 > > >> Subject: Re: [NTSysADM] Windows Service account management > > >> From: [email protected] > > >> To: [email protected] > > >> > > >> Password Safe and Keepass both come in flavors that run on iPhone and > > >> Android, as well as Windows and *nix. > > >> > > >> Kurt > > >> > > >> On Wed, Oct 8, 2014 at 2:40 PM, James Button > > >> <[email protected]> wrote: > > >> > Yup! Nice concepts > > >> > And > > >> > 20 chars long - it better be based on a phrase I can remember, or I'll > > >> > have to > > >> > write it down on something I keep near the system where I logon. > > >> > Maybe I can write it as the hint facility > > >> > Special characters - yup - definitely needs writing down > > >> > Ah! I can have the system remember the password and enter it whenever I > > >> > put my > > >> > id in the userid panel > > >> > > > >> > Hey - I'm the sysprog, and I can't ask someone else to fix my lost > > >> > password for > > >> > me, and management are not going to be happy if I can't fix their > > >> > forgotten > > >> > password > > >> > > > >> > Ah! This weeks selection of monthly password updates, where's my jotter > > >> > - postit > > >> > pad - that will do. > > >> > > > >> > The above is based on experience from many years as sysprog and > > >> > security > > >> > management techy on a site with mainframes, mini's, comms, network > > >> > servers and > > >> > PC's. > > >> > > > >> > And then, having required the consultant's ideas be implemented, > > >> > management > > >> > wonder why people create back-doors and/or write notes on passwords. > > >> > > > >> > At least - for most systems, I was allowed to change the password, so > > >> > used a > > >> > long phrase I could remember, and just wrote down the formula for > > >> > selecting the > > >> > characters from the phrase. > > >> > > > >> > Are you sure you will never need to logon either locally, or remotely - > > >> > not even > > >> > for a restore and update to 'current' status process. > > >> > > > >> > That said, how about limiting logon attempts to 1 a minute - that will > > >> > (hopefully) deal with brute-force attempts. > > >> > If possible email alerts about failed logon attempts (at least 2 > > >> > userid's - > > >> > system manager (techy), their manager, and a 'in-post' id - both bad > > >> > password > > >> > and not-allowed methods. > > >> > > > >> > You really want to know about access attempts rather than accessed by > > >> > inappropriate persons. > > >> > > > >> > > > >> > JimB > > >> > > > >> > > > >> > ----Original Message----- > > >> > From: [email protected] > > >> > [mailto:[email protected]] On > > >> > Behalf Of Dave Lum > > >> > Sent: Wednesday, October 08, 2014 10:17 PM > > >> > To: [email protected] > > >> > Subject: RE: [NTSysADM] Windows Service account management > > >> > > > >> > Here's what I have so far. Thoughts? > > >> > > > >> > -- Windows Service Account Policy -- > > >> > .Passwords must be > 20 characters in length > > >> > .Passwords must be human-unreadable (preferably auto-generated from a > > >> > password management tool) requiring upper case alpha, lower case alpha, > > >> > numbers AND special characters > > >> > .[Optional] If there is a service account management tool that can > > >> > automate password control and changes, this would be used > > >> > .Service accounts will be in a dedicated OU in Active Directory that > > >> > has > > >> > inheritance disabled to ensure typical domain-wide policies aren't > > >> > unintentionally applied > > >> > .Service account GPO's will be applied that restrict the ability for > > >> > them > > >> > to be used like a typical human user account. This includes configuring > > >> > the following: > > >> > .Disable Interactive logon > > >> > .Deny log on locally > > >> > .Deny log on through Terminal Services > > >> > .Logon restricted to specific machines > > >> > .Auditing enable for logon events > > >> > .Enable alerting for failed logons > > >> > > > >> > -- Windows Service Account Management -- > > >> > 1.Collect criteria > > >> > a.Identify the process or function that requires a service account > > >> > other > > >> > than the BuiltIn Windows accounts > > >> > b.Identify the specific servers that this service account needs access > > >> > to > > >> > c.Determine the level of system access needed (run as batch, log on as > > >> > service, etc.) by the service account > > >> > 2.Create accounta.Account name should start with "svc. " and be > > >> > descriptive > > >> > b.Assign a complex password that meets the requirements listed above > > >> > c.In the AD properties under the "Account" tab, use the "Log On To" > > >> > option > > >> > to specify the servers this account has the ability to log on to > > >> > d.Description field should contain the application name, process, and > > >> > or > > >> > function > > >> > e.Place account into the ServiceAccounts OU > > >> > > > >> > Dave > > >> > > > >> >>> > > >> >>> On 8 October 2014 21:40, Dave Lum > > >> >>> <[email protected]<mailto:[email protected]>> wrote: > > >> >>> > > >> >>>> I've been tasked to create documentation on creation and management > > >> >>>> of > > >> >>>> Windows Service accounts, does anyone here have something I can use > > >> >>>> and > > >> >>>> modify? > > >> >>>> > > >> >>>> TIA, > > >> >>>> Dave > > >> >>>> > > >> >>>> > > >> >>>> > > >> >>>> > > >> >>>> > > >> >>> > > >> >>> > > >> >>> -- > > >> >>> *James Rankin* > > >> >>> --------------------- > > >> >>> RCL - Senior Technical Consultant (ACA, CCA, MCTS) | The > > >> >>> Virtualization > > >> >>> Practice Analyst - Desktop Virtualization > > >> >>> http://appsensebigot.blogspot.co.uk > > >> >>> > > >> >>> > > >> >> > > >> >> > > >> >> > > >> >> > > >> >> > > >> >> > > >> >> -- > > >> >> James Rankin > > >> >> --------------------- > > >> >> RCL - Senior Technical Consultant (ACA, CCA, MCTS) | The > > >> >> Virtualization > > >> >> Practice Analyst - Desktop Virtualization > > >> >> http://appsensebigot.blogspot.co.uk > > >> >> > > >> > > > >> > > > >> > > > >> > > > >> > > > >> > > > >> > > >> > > > > > > > > > > > > ________________________________ > > > > > > PG&E is committed to protecting our customers' privacy. > > > To learn more, please visit > > > http://www.pge.com/about/company/privacy/customer/ > > > > > > ________________________________ > > > Attention: Information contained in this message and or attachments is > > > intended only for the recipient(s) named above and may contain > > > confidential > > > and or privileged material that is protected under State or Federal law. > > > If > > > you are not the intended recipient, any disclosure, copying, distribution > > > or > > > action taken on it is prohibited. If you believe you have received this > > > email in error, please contact the sender, delete this email and destroy > > > all > > > copies. > > > >
