I have two customers using this, quite happily. http://www.netwrix.com/privileged_account_manager.html
I can’t remember the size of your shop – it may be a bit much for a smaller organization. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Kurt Buff [mailto:[email protected]] Sent: Tuesday, July 12, 2011 12:28 AM To: NT System Admin Issues Subject: Re: Win7 UAC - is your on or off? The good memory I have, though it's not as good as it used to be - I can only keep about 20 or so really straight any more. Lots of service accounts at work, plus my personal accounts for banking/financial, email, shopping, etc. I took a brief look at Password Corral when you first mentioned it a few days ago. Looks interesting, but it didn't look like it offered enough beyond password safe to make the switch. What I'd *really* like is an app that would be useful for multiple people at work, with multiple levels/domains for those with different privileges, such as DBAs, programmers, desktop admins, server admins ande EAs/DAs all getting only what they need. I've set up 4 different shared password safe databases, plus individual ones, for the IT staff here, but if someone has a database open for writing, the others only get RO access, which is sometimes an annoyance. For expiration, we're still on Win2k3 R2, so it's the same for everyone, and it's set at 90 days. I occasionally try to sell folks on the idea that changing a 20+ character password once a year is far better than changing an 8+ character password every three months, but I haven't found folks amenable to that yet. I live in hope... Kurt On Mon, Jul 11, 2011 at 21:09, Andrew S. Baker <[email protected]<mailto:[email protected]>> wrote: Good memory + Generous Password Expiration (120 days for normal accounts / 180 days for admin accounts) + Password Corral ASB http://about.me/Andrew.S.Baker Harnessing the Advantages of Technology for the SMB market… On Mon, Jul 11, 2011 at 11:24 PM, Kurt Buff <[email protected]<mailto:[email protected]>> wrote: I've been thinking that would be a good idea, but don't have my first two accounts figured out yet. I want to get to that point sooner rather than later, especially since we'll be migrating to Ex2010 soonish, and I want to use a different account for that, and then set up an account for administering workstations. How do you keep your passwords straight? I use password safe, for the most part. Kurt On Mon, Jul 11, 2011 at 18:31, Jonathan Link <[email protected]<mailto:[email protected]>> wrote: > I'm running three accounts generally, and sometimes a fourth. > Personal everyday work account, no admin access anywhere. > Workstation admin account for general admin tasks on my machine and machines > I'm not concerned about being infected with something. > Domain admin account for accessing servers, only. > I also have a honeypot account that I enable to interactively login to a > live machine, and disable once I'm done, it's in the workstation admin > group. > > On Mon, Jul 11, 2011 at 9:03 PM, Kurt Buff > <[email protected]<mailto:[email protected]>> wrote: >> >> I'm collecting a bunch of command lines for launching my tools from a >> non-elevated prompt (either Start/Run, or a shell), but some just >> don't work well, and I keep an elevated command prompt for just that >> purpose. >> >> I'm working at making my personal account a non-admin on my own >> machine, and everywhere else, and using a specific DA account for the >> things I need to do those kinds of tasks. >> >> Kurt >> >> On Mon, Jul 11, 2011 at 17:17, Hilderbrand, Doug >> <[email protected]<mailto:[email protected]>> >> wrote: >> >>> I have a few apps that prompt me every time I run them. >> > >> > For the 2 apps that trip UAC every time I run them (for no discernable >> > reason: >> > I think it's because of a localmachine registry key), >> > I: >> > * created a scheduled task (with no trigger) >> > * turned on the "Run with highest privileges" option >> > * created shortcut to C:\Windows\System32\schtasks.exe /run /tn >> > "Taskname" >> > >> > No UAC prompt. >> > >> > >> > Doug Hilderbrand | Systems Analyst, Information Technology | Crane >> > Aerospace & Electronics >> > >> > >> > -----Original Message----- >> > From: Joseph Heaton [mailto:[email protected]<mailto:[email protected]>] >> > Sent: Thursday, June 30, 2011 8:10 AM >> > To: NT System Admin Issues >> > Subject: Re: Win7 UAC - is your on or off? >> > >> > I'm an admin on my own machine, but I still have UAC running. I have a >> > few apps that prompt me everytime I run them. >> > >> >>>> David Lum <[email protected]<mailto:[email protected]>> 06/30/11 7:34 >> >>>> AM >>> >> > Do any of you turn this off? I had our Service Desk Manager look at me >> > like I had two heads when I told him I don't turn mine off and I asked >> > "yours is off?" and he answered "It's me, I know when I am doing >> > something to my system...". >> > >> > I swear I read somewhere there is good reason to keep UAC on and just >> > throttle down the prompts (with Win7 I've left it at default), but I'll >> > be damned if I can find it at the moment. I thought it was a Minasi or >> > other level of author. >> > >> > Desmond? >> > David Lum ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
