Yeah...I listed the DA accounts in question and the SE's didn't reply, and my bet is 1/2 the accounts in question the don't even know what they do. No security problem there "Yeah the dude has keys to the castle, but I don't know who he is".
Dave -----Original Message----- From: Kurt Buff [mailto:[email protected]] Sent: Monday, January 09, 2012 4:11 PM To: NT System Admin Issues Subject: Re: Domain Admin accounts On Mon, Jan 9, 2012 at 09:41, David Lum <[email protected]> wrote: > We have several service accounts that are Domain Admin – is there any > way to test for what permissions these accounts actually need short of > “removing DA and see what happens?”. I’m guessing no… The big question will be exactly what jobs they are performing. You'll need a complete understanding of what they're used for - or rather, what you mean by "service account" Some service accounts are used for running services, and have a very limited scope that is more or less traceable. Others are, for instance, used in scheduled tasks, in which case you'll need to understand what the task does Kurt ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
