Service accounts that want local admin

2010-06-08 Thread David Lum
How do you guys handle service accounts that seem to need local admin perms on server and workstations - i.e., SMS, anti-virus, etc. We currently have them as domain admins with a "no interactive logon" GPO, but surely there's a better way...the only thing that comes to mind is use GPO to make t

Re: Service accounts that want local admin

2010-06-08 Thread ahmad hafiz
Well, for me just set a long password, and long username (make sure you write it somewhere) and maybe once every 6 months or so...change the password, or if easy enough on the application, maybe the username as well.

On Wed, Jun 9, 2010 at 12:46 AM, David Lum wrote:
> How do you guys handle se

RE: Service accounts that want local admin

2010-06-08 Thread Free, Bob
From: David Lum [mailto:david@nwea.org]
Sent: Tuesday, June 08, 2010 9:47 AM
To: NT System Admin Issues
Subject: Service accounts that want local admin

How do you guys handle service accounts that seem to need local admin perms on server and workstations - i.e., SMS, anti-virus, etc. we curr

Re: Service accounts that want local admin

2010-06-09 Thread James Rankin
Doesn't 2008 R2 AD try to handle this with the "Managed Service Accounts" feature? Having said that, I haven't tried using it yet. We try to apply the principle of least privilege wherever possible. You can use LUA Buglight and process monitor to work out *why* things think they need admin permissi

RE: Service accounts that want local admin

2010-06-09 Thread Free, Bob
2:16 AM
To: NT System Admin Issues
Subject: Re: Service accounts that want local admin

Doesn't 2008 R2 AD try to handle this with the "Managed Service Accounts" feature? Having said that, I haven't tried using it yet. We try to apply the principle of least privilege wher