+1 Admins should be using regular accounts for day-to-day activities on their machines (including reading email, browsing the web etc). If they need to do something on a server, they can TS in with elevated privileges, or you can have dedicated admin machines that are not used for web browsing etc
Cheers Ken From: Michael B. Smith [mailto:[EMAIL PROTECTED] Sent: Thursday, 29 May 2008 10:26 PM To: NT System Admin Issues Subject: RE: Administrator Rights If you have not yet separated the accounts - you should. It is an eye-opening experience. Regards, Michael B. Smith MCSE/Exchange MVP http://TheEssentialExchange.com From: Matthew Carpenter [mailto:[EMAIL PROTECTED] Sent: Thursday, May 29, 2008 8:19 AM To: NT System Admin Issues Subject: Administrator Rights Just curious what your best practices are in the rights you give your system administrators and other IT staff. Do they have domain admin rights on their daily user accounts? Do you use separate accounts with higher rights for auditing? ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~
