Erik, I'm going to have to agree with Brian on this. Making a copy of someone's DIT isn't the same as a proper backup. I don't think Brian's questioning your professionalism here - but if I was a customer I'd be quite nervous about this to.
The type of clients that Brian works with don't need consultants to take offsite backups for them :-) Cheers Ken ________________________________ From: Erik Goldoff [[email protected]] Sent: Wednesday, 8 July 2009 6:39 AM To: NT System Admin Issues Subject: RE: Win2003 DC on Win2000 domain You're entitled to your opinion ... but from my experience, providing and offsite backup at my expense ( zero charge if not needed ) is a very VALUABLE service to most of these small businesses. And I *NEVER* do this without fully informing the client, so they always have right of refusal. Most have no idea about proper business continuity planning, and don't think ahead on how to get the business runnining again after a network shutdown. That said, I think your characterization of 'walking off with a copy' a bit harsh, it's not like I'm stealing a copy for my own benefit, selling to black hats, or putting them at extended risk. I would hope, given YOUR background, that you already have fallback plans in place, and it would not be necessary for ME to cover your behind like I do for many of my clients that don't know any better. Erik Goldoff IT Consultant Systems, Networks, & Security ________________________________ From: Brian Desmond [mailto:[email protected]] Sent: Tuesday, July 07, 2009 2:39 PM To: NT System Admin Issues Subject: RE: Win2003 DC on Win2000 domain IMO a “network security engineer” would know better than to take copies of sensitive customer data like that. Put it this way, if you were on my payroll and I found out you were walking off with a copy of my DIT you’d be shown the door straight away. Thanks, Brian Desmond [email protected] c - 312.731.3132 Active Directory, 4th Ed - http://www.briandesmond.com/ad4/ Microsoft MVP - https://mvp.support.microsoft.com/profile/Brian From: Sherry Abercrombie [mailto:[email protected]] Sent: Tuesday, July 07, 2009 11:52 AM To: NT System Admin Issues Subject: Re: Win2003 DC on Win2000 domain Agree with best practices, but with personal experience in dealing with consultants, we make them sign a contract/NDA that prohibits them from using any information or disclosing it outside our organization. On Tue, Jul 7, 2009 at 11:47 AM, Erik Goldoff <[email protected]<mailto:[email protected]>> wrote: With all due respect, if they cannot trust a network security engineer that helps to maintain and improve their security ( have remote access to firewall and TS ) then they may as well still run on paper. Their internal security knowledge, as well as any BCP is practically non-existant. But from a best practices perspective, you are right. Erik Goldoff IT Consultant Systems, Networks, & Security ________________________________ From: Brian Desmond [mailto:[email protected]<mailto:[email protected]>] Sent: Tuesday, July 07, 2009 12:28 PM To: NT System Admin Issues Subject: RE: Win2003 DC on Win2000 domain That is pretty scary from a risk management perspective that you’re walking off with a copy of the customer’s AD. Thanks, Brian Desmond [email protected]<mailto:[email protected]> c - 312.731.3132 Active Directory, 4th Ed - http://www.briandesmond.com/ad4/ Microsoft MVP - https://mvp.support.microsoft.com/profile/Brian ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
