Thanks for that suggestion, Michael The pricing doesn't seem too bad, btw.
* * *ASB* *http://about.me/Andrew.S.Baker* *Harnessing the Advantages of Technology for the SMB market… * On Tue, Jul 12, 2011 at 8:38 AM, Michael B. Smith <[email protected]>wrote: > I have two customers using this, quite happily.**** > > ** ** > > http://www.netwrix.com/privileged_account_manager.html**** > > ** ** > > I can’t remember the size of your shop – it may be a bit much for a smaller > organization.**** > > ** ** > > Regards,**** > > ** ** > > Michael B. Smith**** > > Consultant and Exchange MVP**** > > http://TheEssentialExchange.com**** > > ** ** > > *From:* Kurt Buff [mailto:[email protected]] > *Sent:* Tuesday, July 12, 2011 12:28 AM > > *To:* NT System Admin Issues > *Subject:* Re: Win7 UAC - is your on or off?**** > > ** ** > > The good memory I have, though it's not as good as it used to be - I can > only keep about 20 or so really straight any more. Lots of service accounts > at work, plus my personal accounts for banking/financial, email, shopping, > etc. I took a brief look at Password Corral when you first mentioned it a > few days ago. Looks interesting, but it didn't look like it offered enough > beyond password safe to make the switch. > > What I'd *really* like is an app that would be useful for multiple people > at work, with multiple levels/domains for those with different privileges, > such as DBAs, programmers, desktop admins, server admins ande EAs/DAs all > getting only what they need. > > I've set up 4 different shared password safe databases, plus individual > ones, for the IT staff here, but if someone has a database open for writing, > the others only get RO access, which is sometimes an annoyance. > > For expiration, we're still on Win2k3 R2, so it's the same for everyone, > and it's set at 90 days. I occasionally try to sell folks on the idea that > changing a 20+ character password once a year is far better than changing an > 8+ character password every three months, but I haven't found folks amenable > to that yet. I live in hope... > > Kurt**** > > On Mon, Jul 11, 2011 at 21:09, Andrew S. Baker <[email protected]> wrote:* > *** > > Good memory + Generous Password Expiration (120 days for normal accounts / > 180 days for admin accounts) + Password Corral > **** > > *ASB***** > > *http://about.me/Andrew.S.Baker***** > > *Harnessing the Advantages of Technology for the SMB market…***** > > > > **** > > On Mon, Jul 11, 2011 at 11:24 PM, Kurt Buff <[email protected]> wrote:** > ** > > I've been thinking that would be a good idea, but don't have my first > two accounts figured out yet. I want to get to that point sooner > rather than later, especially since we'll be migrating to Ex2010 > soonish, and I want to use a different account for that, and then set > up an account for administering workstations. > > How do you keep your passwords straight? I use password safe, for the most > part. > > Kurt > > On Mon, Jul 11, 2011 at 18:31, Jonathan Link <[email protected]> > wrote: > > I'm running three accounts generally, and sometimes a fourth. > > Personal everyday work account, no admin access anywhere. > > Workstation admin account for general admin tasks on my machine and > machines > > I'm not concerned about being infected with something. > > Domain admin account for accessing servers, only. > > I also have a honeypot account that I enable to interactively login to a > > live machine, and disable once I'm done, it's in the workstation admin > > group.**** > > > > > On Mon, Jul 11, 2011 at 9:03 PM, Kurt Buff <[email protected]> wrote: > >> > >> I'm collecting a bunch of command lines for launching my tools from a > >> non-elevated prompt (either Start/Run, or a shell), but some just > >> don't work well, and I keep an elevated command prompt for just that > >> purpose. > >> > >> I'm working at making my personal account a non-admin on my own > >> machine, and everywhere else, and using a specific DA account for the > >> things I need to do those kinds of tasks. > >> > >> Kurt > >> > >> On Mon, Jul 11, 2011 at 17:17, Hilderbrand, Doug > >> <[email protected]> wrote: > >> >>> I have a few apps that prompt me every time I run them. > >> > > >> > For the 2 apps that trip UAC every time I run them (for no discernable > >> > reason: > >> > I think it's because of a localmachine registry key), > >> > I: > >> > * created a scheduled task (with no trigger) > >> > * turned on the "Run with highest privileges" option > >> > * created shortcut to C:\Windows\System32\schtasks.exe /run /tn > >> > "Taskname" > >> > > >> > No UAC prompt. > >> > > >> > > >> > Doug Hilderbrand | Systems Analyst, Information Technology | Crane > >> > Aerospace & Electronics > >> > > >> > > >> > -----Original Message----- > >> > From: Joseph Heaton [mailto:[email protected]] > >> > Sent: Thursday, June 30, 2011 8:10 AM > >> > To: NT System Admin Issues > >> > Subject: Re: Win7 UAC - is your on or off? > >> > > >> > I'm an admin on my own machine, but I still have UAC running. I have > a > >> > few apps that prompt me everytime I run them. > >> > > >> >>>> David Lum <[email protected]> 06/30/11 7:34 AM >>> > >> > Do any of you turn this off? I had our Service Desk Manager look at me > >> > like I had two heads when I told him I don't turn mine off and I asked > >> > "yours is off?" and he answered "It's me, I know when I am doing > >> > something to my system...". > >> > > >> > I swear I read somewhere there is good reason to keep UAC on and just > >> > throttle down the prompts (with Win7 I've left it at default), but > I'll > >> > be damned if I can find it at the moment. I thought it was a Minasi or > >> > other level of author. > >> > > >> > Desmond? > >> > David Lum**** > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
