On Tue, Feb 28, 2012 at 1:12 PM, Free, Bob <r...@pge.com> wrote: > If you want to look at really tightening things up search out the articles > Laura > Robinson has written about running with 0 domain admins. While eliminating > DAs might not be possible in your environment, her ideas definitely get you > thinking about least privilege.
While privilege separation is an extremely useful concept, I suspect for at least some of us (myself, certainly, and I believe Kurt too), its utility is somewhat diminished by the fact that all the privileged roles fall on the same small group of people. It's not worthless for us, but it's a lot more effective in a large org, where you have different people handling the different tasks. When one person is doing everything from a single PC, logging into 42 different accounts isn't going to yield nearly as much benefit. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin