Good feedback. Great to see what everyone is doing. Just an FYI, MS has a guide for this practice, found here:
http://www.microsoft.com/technet/security/guidance/serversecurity/administratoraccounts/default.mspx On Thu, May 29, 2008 at 12:05 PM, Salvador Manzo <[EMAIL PROTECTED]> wrote: > It's the starting path. The shortcuts use environment variables > (%HOMEDIR% IIRC) which don't seem to get picked up by Run As. > > I always use an elevated CMD shell and just launch things from there. (It > helps that I've memorized the major MSC names). > > > On 5/29/08 6:57 AM, "Krishna Reddy" <[EMAIL PROTECTED]> wrote: > > Slightly OT, I have XP SP2 machines when I try to open Computer Management, > Services, etc using Run As, it will thow an invalid directory error (like > when you try to use Run As on an exe that is on a mapped drive). This only > happens when the system is connected to the LAN. If it is not plugged in, > the Run As works normally. I have to go into the Windows\system32 directory > and use Run As there for it to work. > > Krishna Reddy > IT Manager > Nucomm, Inc. > > > ------------------------------ > *From:* James Rankin [mailto:[EMAIL PROTECTED] <[EMAIL PROTECTED]>] > > *Sent:* Thursday, May 29, 2008 8:28 AM > *To:* NT System Admin Issues > *Subject:* Re: Administrator Rights > > I generally use a normal user account for accessing my PC, and an account > with an admin prefix for administrative tasks. Since RunAs was introduced in > Windows 2000 this became a hell of a lot easier :-). Also our server support > guys generally have Power User access for logging on to servers for everyday > tasks, and are temporarily elevated by a backbone security team when they > need local admin or higher. This may be overkill for a lot of enterprises > though. > > 2008/5/29 Matthew Carpenter <[EMAIL PROTECTED]>: > > Just curious what your best practices are in the rights you give your > system administrators and other IT staff. Do they have domain admin rights > on their daily user accounts? Do you use separate accounts with higher > rights for auditing? > > > > > > > > > > > > > > > > The information contained in this email and attachments to this email are > the proprietary and confidential property > of Nucomm, Inc. The information is provided in strict confidence and shall > not be reproduced, copied, or > used (partially or wholly) in any manner without prior, express written > authorization of Nucomm, Inc. > > > > ----- > *Salvador Manzo* [ 620 W. 35th St - Los Angeles, CA 90089 *e. ** > [EMAIL PROTECTED] ] > Auxiliary Services IT, Datacenter > University of Southern California > 818-612-5112 > *The injury which may possibly be done by defeating a few good laws, will > be amply compensated by the advantage of preventing a number of bad ones. -- > Alexander Hamilton, Federalist No. 73 on the veto power* > > ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~
