The gone employees I have handled. The accounts in question are like Websense, 
myonelogin and other application-like accounts.

-----Original Message-----
From: Webster [mailto:[email protected]] 
Sent: Tuesday, January 10, 2012 7:10 AM
To: NT System Admin Issues
Subject: Re: Domain Admin accounts

In a SOX audit I would require verification from HR that every member of Domain 
Admins, Enterprise Admins and Schema Admins is a valid employee.
You would probably not be surprised how many are not employed and have been 
gone for quite some time.  Same process for off-site backup access (Iron 
Mountain, etc).

Service accounts that are members of one or more of those groups have to have 
CIO (or equivalent level) sign-off.

Thanks


Carl Webster
Consultant and Citrix Technology Professional http://www.CarlWebster.com 
<http://www.carlwebster.com/>






On 1/10/12 8:57 AM, "David Lum" <[email protected]> wrote:

>Yeah...I listed the DA accounts in question and the SE's didn't reply, 
>and my bet is 1/2 the accounts in question they don't even know what 
>they do. No security problem there "Yeah the dude has keys to the 
>castle, but I don't know who he is".
>
>Dave
>
>-----Original Message-----
>From: Kurt Buff [mailto:[email protected]]
>Sent: Monday, January 09, 2012 4:11 PM
>To: NT System Admin Issues
>Subject: Re: Domain Admin accounts
>
>On Mon, Jan 9, 2012 at 09:41, David Lum <[email protected]> wrote:
>> We have several service accounts that are Domain Admin - is there any 
>> way to test for what permissions these accounts actually need short 
>> of "removing DA and see what happens?". I'm guessing no...
>
>The big question will be exactly what jobs they are performing. You'll 
>need a complete understanding of what they're used for - or rather, 
>what you mean by "service account".
>
>Some service accounts are used for running services, and have a very 
>limited scope that is more or less traceable. Others are, for instance, 
>used in scheduled tasks, in which case you'll need to understand what 
>the task does.
>
>
>Kurt
>
>~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
><http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
>---
>To manage subscriptions click here:
>http://lyris.sunbelt-software.com/read/my_forums/
>or send an email to [email protected]
>with the body: unsubscribe ntsysadmin
>



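An added example, not part of the thread or any poster's own script: one way to run the HR check on the three admin groups described above and then see where the unmatched accounts are used as service or scheduled-task identities. It assumes the ActiveDirectory (RSAT) module, a hypothetical HR export hr-roster.csv with a SamAccountName column, and a session that can reach the forest root domain.

```powershell
# Added example; not from the thread. Needs the ActiveDirectory module (RSAT).
# Assumptions: hr-roster.csv is a hypothetical HR export with a SamAccountName
# column; Enterprise Admins and Schema Admins are reachable (forest root domain);
# all group members live in the current domain.
Import-Module ActiveDirectory

$groups = 'Domain Admins', 'Enterprise Admins', 'Schema Admins'
$hr     = @(Import-Csv -Path .\hr-roster.csv | ForEach-Object { $_.SamAccountName })

# 1. Every user object in the three groups, nested membership included.
$members = foreach ($g in $groups) {
    Get-ADGroupMember -Identity $g -Recursive |
        Where-Object { $_.objectClass -eq 'user' } |
        Get-ADUser -Properties LastLogonDate, PasswordLastSet, Description |
        ForEach-Object {
            [pscustomobject]@{
                Group           = $g
                SamAccountName  = $_.SamAccountName
                Enabled         = $_.Enabled
                LastLogonDate   = $_.LastLogonDate
                PasswordLastSet = $_.PasswordLastSet
                InHrRoster      = $hr -contains $_.SamAccountName  # case-insensitive match
                Description     = $_.Description
            }
        }
}

# 2. Accounts HR cannot vouch for: departed staff, or service accounts needing sign-off.
$unmatched = $members | Where-Object { -not $_.InHrRoster }
$unmatched | Sort-Object Group, SamAccountName | Format-Table -AutoSize

# 3. Where are those accounts in use on this machine? Run on each server of interest.
$names = $unmatched.SamAccountName | Sort-Object -Unique
$usage = foreach ($acct in $names) {
    Get-CimInstance Win32_Service |
        Where-Object { $_.StartName -like "*\$acct" -or $_.StartName -like "$acct@*" } |
        ForEach-Object { [pscustomobject]@{ Account = $acct; Kind = 'Service'; Name = $_.Name } }
    Get-ScheduledTask |
        Where-Object { $_.Principal.UserId -like "*\$acct" -or $_.Principal.UserId -eq $acct } |
        ForEach-Object { [pscustomobject]@{ Account = $acct; Kind = 'Task'; Name = $_.TaskPath + $_.TaskName } }
}
$usage | Format-Table -AutoSize
```

An unmatched account with an old LastLogonDate and no service or task hits is a candidate for the "gone for quite some time" case; one with hits tells you which job to understand before changing its group membership.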