Agreed on all accounts. With that said how do we still manage the EA, DA, and SA accounts with the 90 day rotation?
From: [email protected] [mailto:[email protected]] On Behalf Of Michael B. Smith Sent: Wednesday, January 17, 2018 12:15 PM To: [email protected] Subject: [NTSysADM] RE: domain admin account passwords management Notice: This email is from an outside source. Please do not open any attachments, click on any hyperlinks, or respond without first confirming the authenticity of the email. I would suggest you should only have 4 (maximum) domain admin accounts. If Ford can get by with 4, so can you. And the actual Administrator account should have a disgustingly long password that is written down and put in a safe. I doubt highly that your service accounts need to be domain admins. They may need some specific privileges delegated, but actual domain admin? Probably not. From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of David McSpadden Sent: Wednesday, January 17, 2018 12:01 PM To: [email protected]<mailto:[email protected]> Subject: [NTSysADM] domain admin account passwords management I know we have LAPS for local admins. What is everyone doing for domain admin account passwords management and compliance? We are being asked to change passwords every 90 days and most of the domain admins are service accounts? So...what does everyone else do to automate/management this? David McSpadden Systems Administrator Indiana Members Credit Union P: 317.554.8190| F: 317.554.8106 [Description: imcu email icon]<http://imcu.com/> [Description: facebook email icon] <https://www.facebook.com/IndianaMembersCU> [Description: twitter email icon] <https://twitter.com/IndMembersCU> [Description: email logo] [Image result for mcp logo]<https://www.google.com/url?sa=i&rct=j&q=&esrc=s&source=images&cd=&cad=rja&uact=8&ved=0ahUKEwirvOT_m8fTAhVM1xoKHVbUA2kQjRwIBw&url=https://mssqlhub.wordpress.com/2013/09/23/pathway-for-microsoft-certification/&psig=AFQjCNHf-4M9Isb1398vr-wswZ04wRJObQ&ust=1493471205430002> This e-mail and any files transmitted with it are property of Indiana Members Credit Union, are confidential, and are intended solely for the use of the individual or entity to whom this e-mail is addressed. If you are not one of the named recipient(s) or otherwise have reason to believe that you have received this message in error, please notify the sender and delete this message immediately from your computer. Any other use, retention, dissemination, forwarding, printing, or copying of this email is strictly prohibited. Please consider the environment before printing this email. This e-mail and any files transmitted with it are property of Indiana Members Credit Union, are confidential, and are intended solely for the use of the individual or entity to whom this e-mail is addressed. If you are not one of the named recipient(s) or otherwise have reason to believe that you have received this message in error, please notify the sender and delete this message immediately from your computer. Any other use, retention, dissemination, forwarding, printing, or copying of this email is strictly prohibited. Please consider the environment before printing this email.
