I generally use a normal user account for accessing my PC, and an account with an admin prefix for administrative tasks. Since RunAs was introduced in Windows 2000 this became a hell of a lot easier :-). Also our server support guys generally have Power User access for logging on to servers for everyday tasks, and are temporarily elevated by a backbone security team when they need local admin or higher. This may be overkill for a lot of enterprises though.
2008/5/29 Matthew Carpenter <[EMAIL PROTECTED]>: > Just curious what your best practices are in the rights you give your > system administrators and other IT staff. Do they have domain admin rights > on their daily user accounts? Do you use separate accounts with higher > rights for auditing? > > ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~
