On Fri, Feb 24, 2012 at 10:40 PM, Crawford, Scott <[email protected]> wrote: > The bottom line rule should be only enter DA credentials > into trusted machines.
Sure. But what's a trusted machine? The desktop you use day-to-day, but which follows best practices for security (lease privilege, patched, IDS, etc.)? Or do we demand a dedicated PC for Domain Admin creds? > You might want to investigate how much you *really* need to > use DA credentials. The question/problem then applies to the other privileged accounts you create to avoid using DA accounts. Or the problem morphs into, "How granular do you get with your privilege sets?" See also: RFC-1925, Rules 6 and 11. HHOS. :-) -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
