Assuming there's anything behind them. Also, a password loss can be mitigated in seconds at no cost (call the boss, say "have all 4 people change their pw now").
It's about risk management, not risk prevention. Small businesses do not work the same as larger enterprises. What is a huge risk for a larger company can be immaterial for a small business and vice versa. A consultant's role is to interface with the business management and determine appropriate measures. I don't believe one can make blanket statements about what is appropriate or not for any particular business... I'm a big fan of appropriate security, and my systems/infrastructure design incorporates it from the start. But there's a limit to "how secure" a small business wants and/or needs to be. Or can afford to be... *********************** Charlie Kaiser charl...@golden-eagle.org Kingman, AZ *********************** > -----Original Message----- > From: Brian Desmond [mailto:br...@briandesmond.com] > Sent: Wednesday, July 08, 2009 10:32 AM > To: NT System Admin Issues > Subject: RE: Win2003 DC on Win2000 domain > > Passwords are very much so sensitive data. > > Thanks, > Brian Desmond > br...@briandesmond.com > > c - 312.731.3132 > > > -----Original Message----- > From: Charlie Kaiser [mailto:charl...@golden-eagle.org] > Sent: Wednesday, July 08, 2009 8:42 AM > To: NT System Admin Issues > Subject: RE: Win2003 DC on Win2000 domain > > Another thing about many small shops (I consult to SMBs) is > that there often isn't any "sensitive" data in AD. It's a > list of user and computer accounts, with little if any > personal info put in. A 10 person shop isn't going to bother > filling in all the attributes in AD. Sometimes you don't even > get last names. :-) > > I also work for large financials and yes, it would be > significantly different in such a case. > > I think it's important to put in perspective what type of > data one might be dealing with in this type of situation. > > *********************** > Charlie Kaiser > charl...@golden-eagle.org > Kingman, AZ > *********************** > > > -----Original Message----- > > From: Ben Scott [mailto:mailvor...@gmail.com] > > Sent: Tuesday, July 07, 2009 10:21 PM > > To: NT System Admin Issues > > Subject: Re: Win2003 DC on Win2000 domain > > > > On Wed, Jul 8, 2009 at 12:59 AM, Ken > > Schaefer<k...@adopenstatic.com> wrote: > > > I'm going to have to agree with Brian on this. Making a copy of > > > someone's DIT isn't the same as a proper backup. I don't > > think Brian's > > > questioning your professionalism here - but if I was a > > customer I'd be > > > quite nervous about this to. > > > > You guys have been working for "real" companies too long. > > > > For SOHOs, if you say "I'm making a virtual machine of an Active > > Directory Domain Controller on my laptop; that includes the > DIT files. > > I'll keep it for a few days in case we have trouble" > you're going to > > get nothing but blank stares. When you then rephrase it as "I'm > > keeping a copy of important server stuff on my laptop in > case we have > > trouble", you'll get thanked. > > > > Remember, a lot of these sorts of places *have no backups at all*. > > I know that seems incomprehensible to people on this list, > but for a > > lot of really small shops (< 5 people), their disaster > recovery plan > > is chapter 7 bankruptcy liquidation. > > > > -- Ben > > > > ~ Finally, powerful endpoint security that ISN'T a resource > hog! ~ ~ > > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~