The OP didn't specify if this was for servers or workstations. I use 3 seperate accounts myself, one for day to day as a power user, one for workstations that is LOCAL admin rights only and finally one for domain administration. I only ever user the most restrictive account I can get away with and the in the most restrictive fashion. If I need to do a local install of software I use RUNAS with local admin for example, rather than logging into the machine with the local admin profile.
On Thu, May 29, 2008 at 6:26 AM, Malcolm Reitz <[EMAIL PROTECTED]> wrote: > I think it has been a best practice since the '60s, at least :-) > > > > Malcolm > > *From:* Stephan Barr [mailto:[EMAIL PROTECTED] *On Behalf Of > *lists > *Sent:* Thursday, 29 May, 2008 08:16 > *To:* NT System Admin Issues > *Subject:* RE: Administrator Rights > > > > Two separate accounts; one normal domain user account and one > domain/enterprise/schema administrator account. As I recall this was a best > practice back in the '90s. TS everywhere as needed. > > > > Cheers. > > > ------------------------------ > > *From:* Matthew Carpenter [mailto:[EMAIL PROTECTED] > *Sent:* Thursday, May 29, 2008 7:19 AM > *To:* NT System Admin Issues > *Subject:* Administrator Rights > > > > > > > > > > ------------------------------ > This e-mail, including any attached files, may contain confidential and > privileged information for the sole use of the intended recipient. Any > review, use, distribution, or disclosure by others is strictly prohibited. > If you are not the intended recipient (or authorized to receive information > for the intended recipient), please contact the sender by reply e-mail and > delete all copies of this message. > > > ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~
