On Thu, May 29, 2008 at 10:00 AM, Wolf <[EMAIL PROTECTED]> wrote: > I use 3 seperate accounts myself, one for day to day as a power user, one for > workstations that is LOCAL admin rights only and finally one for domain > administration.
Me too, except that the day-to-day accounts me and my IT cow-orkers do not have any special privileges to the machine at all. A "Power User" account is basically the same as an Administrator account, so that doesn't afford much protection or practical difference. By running as unprivileged users, OTOH, we're still protected against system compromise due to malware, and we're also used to doing things the same was as all the "regular users". I try to eat my own dog food. We've got a PCADMIN account that has admin privileges to workstations. But as far as the servers are concerned, it's just a regular user account. Then there's the domain admin account, which has phenomenal cosmic powers, but only gets used for servers and other domain-wide stuff. There's only two of us in IT here, and we work side-by-side a lot, so I haven't bothered setting up different admin accounts for each of us. For larger organizations, or systems with particular security requirements (auditing who did what), that's a good idea, too. On Thu, May 29, 2008 at 1:05 PM, Salvador Manzo <[EMAIL PROTECTED]> wrote: > I always use an elevated CMD shell and just launch things from there. Me too (I'm starting to feel like an AOL user). I've actually got a batch file, with a Start Menu shortcut LNK, with a shortcut hotkey, so all I have to do is hit [CTRL]+[ALT]+[SHIFT]+[.], enter the password when prompted, and I get a new elevated CMD prompt window. (Without [SHIFT], I've got a different shortcut that just gives me a command prompt for my account.) -- Ben ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~
