On Fri, Feb 24, 2012 at 21:00, Ben Scott <[email protected]> wrote:
> On Fri, Feb 24, 2012 at 10:40 PM, Crawford, Scott <[email protected]> wrote:
>> The bottom line rule should be only enter DA credentials
>> into trusted machines.
>
> Sure. But what's a trusted machine?

The one that I built, to my standards, and into which only I log.

> The desktop you use
> day-to-day, but which follows best practices for security (least
> privilege, patched, IDS, etc.)?

Yep. Like that.

> Or do we demand a dedicated PC for
> Domain Admin creds?

That could work, too, though it's cumbersome.

>> You might want to investigate how much you *really* need to
>> use DA credentials.
>
> The question/problem then applies to the other privileged accounts
> you create to avoid using DA accounts. Or the problem morphs into,
> "How granular do you get with your privilege sets?"
>
> See also: RFC-1925, Rules 6 and 11. HHOS. :-)

It's my favorite RFC - pick any two...

Kurt
