I see your point, but unfortunately it doesn't seem so practical these days. For example, any AV software you use these days will have an agent to get updates. Any software distribution mechanism, hardware health checking software, and enterprise management software all require agents. The thing is, we have to ensure we give sufficient rights for each one and ensure that, if compromised, it doesn't have sufficient rights to have elevated rights and access to AD or any other domain resource/server.

I am reading the service account security planning guide at the moment (http://www.microsoft.com/technet/security/topics/serversecurity/serviceaccount/default.mspx). There is some good stuff here we can use for least privilege. It's tricky and takes time. It just takes time to ensure every vendor and every product finally supports it. Until that time comes we can only do our best.

M@

On 8/25/06, Akomolafe, Deji <[EMAIL PROTECTED]> wrote:
Depends on what the agent is supposed to be doing, whether or not it's been proven stable or crappy, and whether or not your administrative/security philosophy allows such an agent to be deployed on DCs.
 
AFAIK, there is no credible reason to mandate a blanket no-agent-on-DC security or operational posture.
 

Sincerely,
   _____                               
  (, /  |  /)               /)     /)  
    /---| (/_  ______   ___// _   //  _
 ) /    |_/(__(_) // (_(_)(/_(_(_/(__(/_
(_/                             /)     
                               (/      
Microsoft MVP - Directory Services
www.akomolafe.com - we know IT
-5.75, -3.23
Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon


From: [EMAIL PROTECTED]
Sent: Fri 8/25/2006 10:55 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Agents on Domain Controllers

Is it just me, or does it seem like everyone wants to put an agent or 5 on
Domain Controllers these days? Anyone know of any agents to steer clear of
(besides all of them)?

