RE: [NTSysADM] Has anyone implemented this solution?

[Michael B. Smith]

I LOL'ed.

That being said - I've never seen a vaulting solution that properly handled a 
gazillion local admin passwords.

Do you have a specific solution to which you are referring?

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Free, Bob
Sent: Wednesday, November 5, 2014 6:01 PM
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] Has anyone implemented this solution?

OTOH, I have found the entire thread invigorating.

:-D

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Micheal Espinola Jr
Sent: Wednesday, November 05, 2014 12:12 PM
To: ntsysadm
Subject: [spam] [dkim-failure] Re: [NTSysADM] Has anyone implemented this 
solution?

:-P

--
Espi


On Wed, Nov 5, 2014 at 12:08 PM, Free, Bob <r...@pge.com<mailto:r...@pge.com>> 
wrote:
[cid:image001.png@01CFF92E.A01CD650]

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com>] 
On Behalf Of Micheal Espinola Jr
Sent: Wednesday, November 05, 2014 12:03 PM
To: ntsysadm
Subject: [spam] [dkim-failure] Re: [NTSysADM] Has anyone implemented this 
solution?

*vigor ?

--
Espi


On Wed, Nov 5, 2014 at 11:59 AM, Free, Bob <r...@pge.com<mailto:r...@pge.com>> 
wrote:
Passwords can go in a vaulting solution and have all kinds of rigor wrapped 
around them.

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com>] 
On Behalf Of Matthew W. Ross
Sent: Wednesday, November 05, 2014 9:13 AM

To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: Re: [NTSysADM] Has anyone implemented this solution?

Just curious, but what would you use as an alternative?

ACLs can be ignored if you have physical access to the machine. Online syncing 
solutions (like LastPass) are a little scary for me, if your keeping those keys 
to the kingdom in them. (Not to say LastPass and others like it are not great 
for personal password.)

The only other option I can think of is a hand-written list, kept on something 
non-digital. Please enlighten me to the (I'm sure glaringly obvious) solution 
I'm not thinking of! Sm:)e.


--Matt Ross
Ephrata School District


Matthew W. Ross <mr...@ephrataschools.org<mailto:mr...@ephrataschools.org>> , 
11/5/2014 9:07 AM:
Yes, if the file it's in is encrypted.


--Matt Ross
Ephrata School District


Kennedy, Jim 
<kennedy...@elyriaschools.org<mailto:kennedy...@elyriaschools.org>> , 11/5/2014 
5:35 AM:

Are you two ok with storing important passwords in text document on a share and 
using ACL's to secure that?



From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com>] 
On Behalf Of Matthew W. Ross
Sent: Tuesday, November 4, 2014 7:52 PM
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: Re: [NTSysADM] Has anyone implemented this solution?



If you don't trust Windows based ACLs, how do you secure anything in Windows?



--Matt Ross
Ephrata School District





Michael B. Smith <mich...@smithcons.com<mailto:mich...@smithcons.com>> , 
11/4/2014 4:46 PM:

Do you trust Windows ACL-based security?

If not - well, you might have a lot of other concerns as well.

-----Original Message-----
From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com>] 
On Behalf Of Kurt Buff
Sent: Tuesday, November 4, 2014 7:41 PM
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: Re: [NTSysADM] Has anyone implemented this solution?

Yes, they are stored in plain text in the AD field. That's something to think 
about, and something to test in the lab.

Kurt

On Tue, Nov 4, 2014 at 4:18 PM, Kennedy, Jim 
<kennedy...@elyriaschools.org<mailto:kennedy...@elyriaschools.org>> wrote:
> My kid just pointed out that in the fine print it states the passwords
> are stored in plain text. Yea the are restricted access but still.....
>
>
> Comments mention you can get then encrypted with Premier.
>
> ------ Original message------
>
> From: Kurt Buff
>
> Date: Tue, Nov 4, 2014 3:51 PM
>
> To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>;
>
> Subject:Re: [NTSysADM] Has anyone implemented this solution?
>
> Cool. I'll see if I can lab this up, and if I get it working, I'll
> report back.
>
> Thanks!
>
> Kurt
>
> On Tue, Nov 4, 2014 at 12:35 PM, Kennedy, Jim
> <kennedy...@elyriaschools.org<mailto:kennedy...@elyriaschools.org>> wrote:
>> Ok, got one confirmation from Twitter that it deployed with no
>> problems and works as advertised.
>>
>> -----Original Message-----
>> From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com>
>> [mailto:listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com>]
>>  On Behalf Of Kurt Buff
>> Sent: Tuesday, November 4, 2014 2:42 PM
>> To: NTSysADM@lists.myitforum.com<mailto:NTSysADM@lists.myitforum.com>
>> Subject: [NTSysADM] Has anyone implemented this solution?
>>
>> If so, how did it go? Any gotchas?
>>
>> Blog article on implementation
>>
>> http://blogs.technet.com/b/askpfeplat/archive/2014/05/19/how-to-autom<https://urldefense.proofpoint.com/v2/url?u=http-3A__blogs.technet.com_b_askpfeplat_archive_2014_05_19_how-2Dto-2Dautom&d=AAMFaQ&c=hLS_V_MyRCwXDjNCFvC1XhVzdhW2dOtrP9xQj43rEYI&r=TA_mjBT8bS0r8rLrnubGjA&m=tWCPp3g-pvgnZ8p6e3ndzixcHRvZZJxkRQdkD-uUsoQ&s=DK0MXDcOUb9tURz4P32T8bmZDzy8OU2LA2YFtr_fcuo&e=>
>> ate-changing-the-local-administrator-password.aspx
>>
>> Code for the project
>> https://code.msdn.microsoft.com/Solution-for-management-of-ae44e789<https://urldefense.proofpoint.com/v2/url?u=https-3A__code.msdn.microsoft.com_Solution-2Dfor-2Dmanagement-2Dof-2Dae44e789&d=AAMFaQ&c=hLS_V_MyRCwXDjNCFvC1XhVzdhW2dOtrP9xQj43rEYI&r=TA_mjBT8bS0r8rLrnubGjA&m=tWCPp3g-pvgnZ8p6e3ndzixcHRvZZJxkRQdkD-uUsoQ&s=kvqDLlwOzPJUXN7UPD5DdVIf-JiYO4TtfNiNhLyQcl0&e=>
>>
>> I might have the chance to implement, but wanted feedback before I
>> put it up in a lab.
>>
>> Thanks,
>>
>> Kurt
>>
>>
>
>

________________________________
PG&E is committed to protecting our customers' privacy.
To learn more, please visit http://www.pge.com/about/company/privacy/customer/
________________________________


________________________________
PG&E is committed to protecting our customers' privacy.
To learn more, please visit http://www.pge.com/about/company/privacy/customer/
________________________________


________________________________
PG&E is committed to protecting our customers' privacy.
To learn more, please visit http://www.pge.com/about/company/privacy/customer/
________________________________