On Tue, Feb 28, 2012 at 6:32 PM, Crawford, Scott <[email protected]> wrote:
>> When one person is doing everything from a single PC, logging into
>> 42 different accounts isn't going to yield nearly as much benefit.
>
> Agreed, but I'd suspect 3 would be a pretty beneficial place to start:
> 1) Unprivileged standard user
> 2) Local administrator
> 3) Domain administrator
Yah, that's similar to what we do here currently. Everybody has
their individual user account, which has basically no "special"
privileges. ("Special" meaning something to do with computer
internals, as opposed to just controlling access to "ordinary" data.)
Then we've got a "PCADMIN" account, which is in "Administrators" on
most client computers, but is not special for servers or AD. Then
there's the company-wide all-powerful uber account. Now that the IT
department is more than just me, I really should change the scheme so
that each warm body in IT gets its own of each privileged account.
-- Ben
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to [email protected]
with the body: unsubscribe ntsysadmin
