In principle, I support and advocate multiple user accounts.
In (recent) practice, I've been spoiled by UAC on Vista and Win7. (Not
suggesting that it mitigates *all* risk, btw)
-ASB: http://XeeSM.com/AndrewBaker
On Thu, May 27, 2010 at 4:42 PM, Free, Bob r...@pge.com wrote:
2-3 is max for
,
Phil Garven
From: Crawford, Scott [mailto:crawfo...@evangel.edu]
Sent: Thursday, May 27, 2010 5:38 PM
To: NT System Admin Issues
Subject: RE: What's your requirement to allow a user DA?
Not to nitpick, but I want to nit pick :)
RE: But no one uses the internet
Security for Exchange).
Cheers
Ken
From: Crawford, Scott [mailto:crawfo...@evangel.edu]
Sent: Friday, 28 May 2010 7:38 AM
To: NT System Admin Issues
Subject: RE: What's your requirement to allow a user DA?
Not to nitpick, but I want to nit pick :)
RE: But no one uses the internet on the exchange
Hi,
A large company with 5 SEs? What company is this? :)
The only Domain Admins should be those people who are responsible for Active
Directory.
Cheers
Ken
From: David Lum [mailto:david@nwea.org]
Sent: Friday, 28 May 2010 4:39 AM
To: NT System Admin Issues
Subject: What's your requirement
There was a + behind it :)
From: Ken Schaefer [mailto:k...@adopenstatic.com]
Sent: Friday, May 28, 2010 5:44 AM
To: NT System Admin Issues
Subject: RE: What's your requirement to allow a user DA?
Hi,
A large company with 5 SEs? What company is this? :)
The only Domain Admins should be those
Organization
401-639-3505
ezi...@lifespan.org
From: Phil Garven [mailto:ph...@sunbeltsoftware.com]
Sent: Friday, May 28, 2010 8:25 AM
To: NT System Admin Issues
Subject: RE: What's your requirement to allow a user DA?
IT people tend to do a lot of testing on their machines which often
My thoughts:
No domain admins unless there is no other way to do what you need to.
If they need to do AD administration, use LDAP OU ACLs aka delegation.
They should only get permissions delegated to them if AD management is
part of their duties.
On 5/27/2010 1:39 PM, David Lum wrote:
What
.)
-Original Message-
From: Phil Brutsche [mailto:p...@optimumdata.com]
Sent: Thursday, May 27, 2010 11:55 AM
To: NT System Admin Issues
Subject: Re: What's your requirement to allow a user DA?
My thoughts:
No domain admins unless there is no other way to do what you need
2-3 is max for any environment IMO. Everything else should be dome with
delegations. They must be your most proficient admins, not any old new
hire.
Check out some of joe Richard's rants about it, he ran a multi-nationl
Global 5 firm with 3 EA /DA level admins who were, as he put it, all
close
...@usc.edu]
Sent: Thursday, May 27, 2010 14:02
To: NT System Admin Issues
Subject: RE: What's your requirement to allow a user DA?
In addition, use Restricted Group GPOs as much as possible if distributed
local administration of machines is required. Personally, I would go a step
further
System Admin Issues
Subject: RE: What's your requirement to allow a user DA?
2-3 is max for any environment IMO. Everything else should be dome with
delegations. They must be your most proficient admins, not any old new hire.
Check out some of joe Richard's rants about it, he ran a multi-nationl
it? Or, are you suggesting that different AV be installed
on various servers?
From: Phil Garven [mailto:ph...@sunbeltsoftware.com]
Sent: Thursday, May 27, 2010 4:06 PM
To: NT System Admin Issues
Subject: RE: What's your requirement to allow a user DA?
+1 on separate accounts for admins
Log
workstation admins aren't
server admins.
From: Phil Garven [mailto:ph...@sunbeltsoftware.com]
Sent: Thursday, May 27, 2010 2:06 PM
To: NT System Admin Issues
Subject: RE: What's your requirement to allow a user DA?
+1 on separate accounts for admins
Log on with a user account (maybe
The only people I give it to are the guys who actually own the AD service. That
would be the people that support your domain controllers. Everything else gets
delegated. Sometimes a team manage gets it depending on the organizational
structure but it varies by organization.
There's a really
Phil Garven ph...@sunbeltsoftware.com previously uttered:
Log on with a user account (maybe a local admin) and use run as to
run your admin programs as your domain admin or equivalent account.
--
Phil Brutsche
p...@optimumdata.com
~ Finally, powerful endpoint security that ISN'T a
15 matches
Mail list logo
