In addition to Brian's comments, once you are DA (by default), you can clear the Windows event logs. So a real-time log archival system (which is not accessible by the DA) would also be required.
Cheers
Ken

From: Ziots, Edward [mailto:[email protected]]
Sent: Monday, 21 November 2011 9:44 PM
To: NT System Admin Issues
Subject: RE: Delegation question

/Security engineer hat on

There should be a log of the helpdesk analyst doing the password reset in the AD logs on the AD account, and then the logon of the DA account and where from, which should leave the audit trail to follow up, correct the action and deal with the situation the helpdesk analyst created. So auditing and accountability are covered, keeping both sides happy. And again, how likely a situation is it in your companies (times in the past it has happened, etc., and what administrative action has happened to those individuals who have tried to perpetrate this)?

Also, if there is going to be a group covering PCI/SOX issues from a security engineering/auditing focus, I would love to get in on that discussion, since there are going to be some changes on my end soon.
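The audit trail Ed describes (a 4724 password reset of a privileged account, followed by a 4624 logon of that account, and possibly a 1102 audit-log clear, as Ken warns) can be pulled together from the Security log with a short script. The following is an added example written for this thread, not code from either poster; the account names, IP address, time window and the list of "privileged" accounts are assumptions, and the sample events are constructed so the script runs without a domain controller.

```powershell
# Added example (not from the original thread): correlate a helpdesk reset of a
# privileged account (4724) with the next logon of that account (4624) and with
# any audit-log clear (1102). Account names, IPs and the privileged-account list
# are assumptions; the sample events at the bottom are constructed.

function ConvertFrom-SecurityEvent {
    # Flatten a Get-WinEvent record into the fields the correlation needs.
    # 4624/4724 carry their fields under EventData; 1102 uses UserData/LogFileCleared.
    param([Parameter(ValueFromPipeline)] $Record)
    process {
        $x = [xml]$Record.ToXml()
        $d = @{}
        if ($x.Event.EventData) {
            foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
        } elseif ($x.Event.UserData.LogFileCleared) {
            $d['SubjectUserName'] = $x.Event.UserData.LogFileCleared.SubjectUserName
        }
        [pscustomobject]@{
            Id          = $Record.Id
            TimeCreated = $Record.TimeCreated
            SubjectUser = $d['SubjectUserName']   # who did it (resetter / clearer)
            TargetUser  = $d['TargetUserName']    # account reset or logged on
            IpAddress   = $d['IpAddress']         # where the logon came from
        }
    }
}

function Find-PrivilegedResetChain {
    # For each reset of a privileged account, list the logons of that account in
    # the following window and any audit-log clear after the reset.
    param(
        [Parameter(Mandatory)] [object[]] $Events,
        [Parameter(Mandatory)] [string[]] $PrivilegedAccounts,
        [int] $WindowMinutes = 60
    )
    $sorted = $Events | Sort-Object TimeCreated
    $resets = $sorted | Where-Object { $_.Id -eq 4724 -and $PrivilegedAccounts -contains $_.TargetUser }
    foreach ($reset in $resets) {
        $deadline = $reset.TimeCreated.AddMinutes($WindowMinutes)
        $logons = $sorted | Where-Object {
            $_.Id -eq 4624 -and $_.TargetUser -eq $reset.TargetUser -and
            $_.TimeCreated -ge $reset.TimeCreated -and $_.TimeCreated -le $deadline
        }
        $clears = $sorted | Where-Object { $_.Id -eq 1102 -and $_.TimeCreated -ge $reset.TimeCreated }
        [pscustomobject]@{
            ResetAt      = $reset.TimeCreated
            ResetBy      = $reset.SubjectUser
            Account      = $reset.TargetUser
            LogonSources = @($logons | ForEach-Object { "$($_.TimeCreated.ToString('HH:mm')) from $($_.IpAddress)" })
            LogCleared   = @($clears | ForEach-Object { "$($_.TimeCreated.ToString('HH:mm')) by $($_.SubjectUser)" })
        }
    }
}

# Assumed: the DA accounts you care about.
$privileged = @('adm-backup')

# Constructed sample: helpdesk user resets a DA account, the account logs on from
# a workstation four minutes later, then the Security log is cleared by that account.
$sample = @(
    [pscustomobject]@{ Id = 4724; TimeCreated = [datetime]'2011-11-21T09:40:00'; SubjectUser = 'hd-jsmith'; TargetUser = 'adm-backup'; IpAddress = $null }
    [pscustomobject]@{ Id = 4624; TimeCreated = [datetime]'2011-11-21T09:44:00'; SubjectUser = $null;       TargetUser = 'adm-backup'; IpAddress = '10.1.2.33' }
    [pscustomobject]@{ Id = 1102; TimeCreated = [datetime]'2011-11-21T09:50:00'; SubjectUser = 'adm-backup'; TargetUser = $null;        IpAddress = $null }
)
Find-PrivilegedResetChain -Events $sample -PrivilegedAccounts $privileged | Format-List

# Live use on a DC, or on the collector Ken describes (where the DA has no rights):
# $live = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4724, 4624, 1102; StartTime = (Get-Date).AddDays(-1) } |
#         ConvertFrom-SecurityEvent
# Find-PrivilegedResetChain -Events $live -PrivilegedAccounts $privileged
```

Run against the sample it reports one chain: adm-backup reset by hd-jsmith at 09:40, logged on at 09:44 from 10.1.2.33, log cleared at 09:50 by adm-backup. The 1102 entry survives a clear on the DC itself (it is written as the first event of the fresh log), but everything before it does not, which is why the query is only trustworthy when run against a forwarded copy that the DA cannot reach, as Ken suggests.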
