*>>I've set up 4 different shared password safe databases, plus individual ones, for the IT staff here, but if someone has a database open for writing, the others only get RO access, which is sometimes an annoyance.*
There are some options, no good free ones so far that I've found... - http://www.thycotic.com/products_secretserver_overview.html - http://www.soft-o.com/products/crypt-o.html * * *ASB* *http://about.me/Andrew.S.Baker* *Harnessing the Advantages of Technology for the SMB market… * On Tue, Jul 12, 2011 at 12:27 AM, Kurt Buff <[email protected]> wrote: > The good memory I have, though it's not as good as it used to be - I can > only keep about 20 or so really straight any more. Lots of service accounts > at work, plus my personal accounts for banking/financial, email, shopping, > etc. I took a brief look at Password Corral when you first mentioned it a > few days ago. Looks interesting, but it didn't look like it offered enough > beyond password safe to make the switch. > > What I'd *really* like is an app that would be useful for multiple people > at work, with multiple levels/domains for those with different privileges, > such as DBAs, programmers, desktop admins, server admins ande EAs/DAs all > getting only what they need. > > I've set up 4 different shared password safe databases, plus individual > ones, for the IT staff here, but if someone has a database open for writing, > the others only get RO access, which is sometimes an annoyance. > > For expiration, we're still on Win2k3 R2, so it's the same for everyone, > and it's set at 90 days. I occasionally try to sell folks on the idea that > changing a 20+ character password once a year is far better than changing an > 8+ character password every three months, but I haven't found folks amenable > to that yet. I live in hope... > > Kurt > > > On Mon, Jul 11, 2011 at 21:09, Andrew S. Baker <[email protected]> wrote: > >> Good memory + Generous Password Expiration (120 days for normal accounts / >> 180 days for admin accounts) + Password Corral >> >> * * >> >> *ASB* *http://about.me/Andrew.S.Baker* *Harnessing the Advantages of >> Technology for the SMB market… >> >> * >> >> >> >> On Mon, Jul 11, 2011 at 11:24 PM, Kurt Buff <[email protected]> wrote: >> >>> I've been thinking that would be a good idea, but don't have my first >>> two accounts figured out yet. I want to get to that point sooner >>> rather than later, especially since we'll be migrating to Ex2010 >>> soonish, and I want to use a different account for that, and then set >>> up an account for administering workstations. >>> >>> How do you keep your passwords straight? I use password safe, for the >>> most part. >>> >>> Kurt >>> >>> On Mon, Jul 11, 2011 at 18:31, Jonathan Link <[email protected]> >>> wrote: >>> > I'm running three accounts generally, and sometimes a fourth. >>> > Personal everyday work account, no admin access anywhere. >>> > Workstation admin account for general admin tasks on my machine and >>> machines >>> > I'm not concerned about being infected with something. >>> > Domain admin account for accessing servers, only. >>> > I also have a honeypot account that I enable to interactively login to >>> a >>> > live machine, and disable once I'm done, it's in the workstation admin >>> > group. >>> > >>> > On Mon, Jul 11, 2011 at 9:03 PM, Kurt Buff <[email protected]> >>> wrote: >>> >> >>> >> I'm collecting a bunch of command lines for launching my tools from a >>> >> non-elevated prompt (either Start/Run, or a shell), but some just >>> >> don't work well, and I keep an elevated command prompt for just that >>> >> purpose. >>> >> >>> >> I'm working at making my personal account a non-admin on my own >>> >> machine, and everywhere else, and using a specific DA account for the >>> >> things I need to do those kinds of tasks. >>> >> >>> >> Kurt >>> >> >>> >> On Mon, Jul 11, 2011 at 17:17, Hilderbrand, Doug >>> >> <[email protected]> wrote: >>> >> >>> I have a few apps that prompt me every time I run them. >>> >> > >>> >> > For the 2 apps that trip UAC every time I run them (for no >>> discernable >>> >> > reason: >>> >> > I think it's because of a localmachine registry key), >>> >> > I: >>> >> > * created a scheduled task (with no trigger) >>> >> > * turned on the "Run with highest privileges" option >>> >> > * created shortcut to C:\Windows\System32\schtasks.exe /run /tn >>> >> > "Taskname" >>> >> > >>> >> > No UAC prompt. >>> >> > >>> >> > >>> >> > Doug Hilderbrand | Systems Analyst, Information Technology | Crane >>> >> > Aerospace & Electronics >>> >> > >>> >> > >>> >> > -----Original Message----- >>> >> > From: Joseph Heaton [mailto:[email protected]] >>> >> > Sent: Thursday, June 30, 2011 8:10 AM >>> >> > To: NT System Admin Issues >>> >> > Subject: Re: Win7 UAC - is your on or off? >>> >> > >>> >> > I'm an admin on my own machine, but I still have UAC running. I >>> have a >>> >> > few apps that prompt me everytime I run them. >>> >> > >>> >> >>>> David Lum <[email protected]> 06/30/11 7:34 AM >>> >>> >> > Do any of you turn this off? I had our Service Desk Manager look at >>> me >>> >> > like I had two heads when I told him I don't turn mine off and I >>> asked >>> >> > "yours is off?" and he answered "It's me, I know when I am doing >>> >> > something to my system...". >>> >> > >>> >> > I swear I read somewhere there is good reason to keep UAC on and >>> just >>> >> > throttle down the prompts (with Win7 I've left it at default), but >>> I'll >>> >> > be damned if I can find it at the moment. I thought it was a Minasi >>> or >>> >> > other level of author. >>> >> > >>> >> > Desmond? >>> >> > David Lum >>> >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >> >> --- >> To manage subscriptions click here: >> http://lyris.sunbelt-software.com/read/my_forums/ >> or send an email to [email protected] >> with the body: unsubscribe ntsysadmin >> > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
