Educause Security Discussion mailing list archives
Re: Local Administrator Accounts
From: Eric Case <ecase () EMAIL ARIZONA EDU>
Date: Thu, 10 Jul 2008 21:25:08 -0700
At 04:16 PM 7/10/2008 -0400, Nipper, Johnny R. wrote:
I am interested in hearing how everyone manages local administrator accounts of client machines on their network.
Hi Johnny, Great question. I'll answer in line below and because I'd also like to know how others are managing the account so please reply to the list. Given that this is not just a Windows problem, may I broaden the question to include root on *nix boxes?
Do you leave them enabled or disabled?
We a disabling them ...
For those who allow local administrator accounts, do you use unique passwords?
... because we can't afford a product to manage unique passwords on all the boxes and I can't ensure my IT guys keep them unique.
how do you guarantee AAA?
I want a college policy that says no shared accounts, not local administrator or root so I can stop the "class break" and guarantee AAA. The IT guys are pushing back hard. As soon I we got out of the 1980's mode of managing the machines (keyboard to keyboard) I think they'll get over it. -Eric Eric Case, CISSP <ecase () Arizona edu> Information Security Officer College of Engineering <http://www.Engr.Arizona.edu> 1127 E James E. Rogers Way Room 200 Tucson, AZ 85721-0020 Mobile Phone 520-275-6436
Current thread:
- Local Administrator Accounts Nipper, Johnny R. (Jul 10)
- <Possible follow-ups>
- Re: Local Administrator Accounts Eric Case (Jul 10)
- Re: Local Administrator Accounts Matthew Stublefield (Jul 11)