Educause Security Discussion mailing list archives

Re: Local Administrator Accounts


From: Eric Case <ecase () EMAIL ARIZONA EDU>
Date: Thu, 10 Jul 2008 21:25:08 -0700

At 04:16 PM 7/10/2008 -0400, Nipper, Johnny R. wrote:
I am interested in hearing how everyone manages local administrator
accounts of client machines on their network.

     Hi Johnny,

     Great question.  I'll answer inline below, and because I'd also
like to know how others are managing the account, please reply to
the list.  Given that this is not just a Windows problem, may I
broaden the question to include root on *nix boxes?


Do you leave them enabled or disabled?

     We are disabling them ...


For those who allow local administrator accounts, do you use unique
passwords?

     ... because we can't afford a product to manage unique
passwords on all the boxes and I can't ensure my IT guys keep them unique.


How do you guarantee AAA?

     I want a college policy that says no shared accounts, not local
administrator or root, so I can stop the "class break" and guarantee
AAA.  The IT guys are pushing back hard.  As soon as we get out of the
1980s mode of managing the machines (keyboard to keyboard) I think
they'll get over it.
-Eric



Eric Case, CISSP  <ecase () Arizona edu>
Information Security Officer
College of Engineering   <http://www.Engr.Arizona.edu>
1127 E James E. Rogers Way Room 200
Tucson, AZ 85721-0020
Mobile Phone 520-275-6436
