They have a point on the server admin account being blank. Their requirement is physically secure and deny network logon/access for that account. Considering you can hit a server physically, F8 it and reboot in safe mode and pop right in a password does make a password rather pointless....again if you meet their requirements.
Account lockout off I am not so sure about. Without it how many people would still be infected with Conflicker and not know it. From: Christopher Bodnar [mailto:[email protected]] Sent: Thursday, June 14, 2012 9:06 AM To: NT System Admin Issues Subject: What is your take on this (built-in admin password and account lockout) One of our VP's just ran across this article and is asking for my input: http://technet.microsoft.com/en-us/library/cc512606.aspx Which seems to be recommending two things: Leave the built-in administrator password blank There is no need for account lockout to be enabled I disagree with both assumptions. I also find it odd that this is a MS recommendation. I'd like to hear others thoughts on these comments. Thanks, Christopher Bodnar Enterprise Achitect I, Corporate Office of Technology:Enterprise Architecture and Engineering Services Tel 610-807-6459 3900 Burgess Place, Bethlehem, PA 18017 [email protected]<mailto:> [cid:[email protected]] The Guardian Life Insurance Company of America www.guardianlife.com<http://www.guardianlife.com/> ----------------------------------------- This message, and any attachments to it, may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are notified that any use, dissemination, distribution, copying, or communication of this message is strictly prohibited. If you have received this message in error, please notify the sender immediately by return e-mail and delete the message and any attachments. Thank you. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
<<inline: image001.jpg>>
