Some security questions

anything I don't mind

anything I don't mind

anything I don't mind

Permabanned
Joined
28 Dec 2009
Posts
13,052
Location
london
Is it bad practice to use the domain administrator account as a user account ie make it email enabled and have a user actually monitor the account and login in to a client pc with it?

How often do you change domain admin passwords ? I work at a few sites and the one site is terrible. I have been there for 18 months and they won't change the domain admin passwords "in case something happens". Which is ridiculous. they have all the passwords in a xls file with a simple password and i exported and imported it all in to keepass and set it up on all IT pcs with a keyfile and password. The other IT guys won't allow me to delete the sheets in the xls file. They say that they will have to update documentation, i said will do that then. The guy will seriously argue with me about it and get pretty annoyed etc. I am half tempted to just do it but i know he will go as far as recreating it etc. How can i talk sense in to these sorts of people and implement basic security ?
 
groen said:
Is it bad practice to use the domain administrator account as a user account ie make it email enabled and have a user actually monitor the account and login in to a client pc with it?

How often do you change domain admin passwords ? I work at a few sites and the one site is terrible. I have been there for 18 months and they won't change the domain admin passwords "in case something happens". Which is ridiculous. they have all the passwords in a xls file with a simple password and i exported and imported it all in to keepass and set it up on all IT pcs with a keyfile and password. The other IT guys won't allow me to delete the sheets in the xls file. They say that they will have to update documentation, i said will do that then. The guy will seriously argue with me about it and get pretty annoyed etc. I am half tempted to just do it but i know he will go as far as recreating it etc. How can i talk sense in to these sorts of people and implement basic security ?
Click to expand...

Yes, an admin account should not be used as a user account! Stop that instantly. Use elevated privileges.

This is why sub admin accounts are created and used where needed. If the domain admin is changed it may affect parts of other areas of the network. for example we have applications deployed via app-v/sccm distributions that need to be authenticated as a doman admin to do certain scripts e.t.c. This is done in the background and is needed. If this password is changed it effects everything! Got to be careful with admin passwords.

We havn't changed ours for hum let me see.... 12 years now and thats a huge migration we did from 50 / (15 years ago) to 5500 / as of today.
 
As i have worked there for 18 months I know which accounts are used for service accounts and which ones are not.

I have even changed the system administrator and administrator accounts and see what broke and changed it back. The only problem there was the prtg was set up to use the sysadmin account as a service account to access servers. So the server monitoring software sends alerts. But i just changed that to another actual service account.
 
groen said:
As i have worked there for 18 months I know which accounts are used for service accounts and which ones are not.

I have even changed the system administrator and administrator accounts and see what broke and changed it back. The only problem there was the prtg was set up to use the sysadmin account as a service account to access servers. So the server monitoring software sends alerts. But i just changed that to another actual service account.
Click to expand...

Then in that case do what you need to do. I will await more questions from you in other threads. :p ;)
 
You must log in or register to reply here.
Back
Top Bottom