In principle, I support and advocate multiple user accounts. In (recent) practice, I've been spoiled by UAC on Vista and Win7. (Not suggesting that it mitigates *all* risk, btw)
-ASB: http://XeeSM.com/AndrewBaker

On Thu, May 27, 2010 at 4:42 PM, Free, Bob <[email protected]> wrote:

> 2-3 is max for any environment IMO. Everything else should be done with delegations. They must be your most proficient admins, not any old new hire.
>
> Check out some of joe Richard’s rants about it, he ran a multi-national Global 5 firm with 3 EA/DA level admins who were, as he put it, all close enough to smack each other. (+ 1 manager who had the keys in a break glass/locked safe scenario)
>
> Personally, I am a fan of 3 accounts per admin for those enterprise level admins, 1 uberadminID (DA/EA), 1 regular adminID with appropriate delegations like all administrators should have and the usual day-to-day userID
>
> *From:* David Lum [mailto:[email protected]]
> *Sent:* Thursday, May 27, 2010 11:39 AM
> *To:* NT System Admin Issues
> *Subject:* What's your requirement to allow a user DA?
>
> What are your guy’s prerequisites on someone having a Domain Admin account – assume a medium or large company and 4-5+ Systems Engineers. Previously here they’ve just had every new SE hire be domain admin, I’m thinking it’s time to change that practice but I’ll need some ammo and a plan before I have any hope of changing this.
>
> My thinking is along the line of “need to know what’s going in this AD structure” as well as being proficient in all things AD, etc.
>
> Thoughts comments? I’m thinking there should only be 2-3 DA accounts max per domain max.
>
> *David Lum* // SYSTEMS ENGINEER
> NORTHWEST EVALUATION ASSOCIATION
> (Desk) 971.222.1025 // (Cell) 503.267.9764
