PaulDotCom mailing list archives
Re: local windows accounts
From: Ralph Durkee <rd () rd1 net>
Date: Sat, 21 May 2011 12:47:23 -0400
For the "credential compartmentalization" I would say it doesn't apply well to local Windows accounts. The credential compartmentalization would be the opposite of single-sign-on; the concept would be to have different accounts and passwords for systems with very different purposes and very different risk profiles. So for example firewall administrative accounts should NOT be the same as the regular user account or email accounts.

--
Ralph Durkee, CISSP, GSEC, GCIH, GSNA, GCIA, GPEN
Principal Security Consultant

On 5/20/2011 4:39 PM, craig bowser wrote:
BTW, WTH is "credential compartmentalization"???? o_O

Craig L Bowser
____________________________
This email is measured by size. Bits and bytes may have settled during transport.

On Fri, May 20, 2011 at 4:39 PM, craig bowser <reswob10 () gmail com> wrote:

make sure they are not in the local admin group.

Craig L Bowser
____________________________
This email is measured by size. Bits and bytes may have settled during transport.

On Fri, May 20, 2011 at 2:06 PM, Matthew Perry <mlperry () gmail com> wrote:

"personal preference and credential compartmentalization" was the answer I got. My issue is getting management to back me right now. Also is there a group policy setting to keep users from creating local accounts?

On Friday, May 20, 2011, Joel Esler <joel.esler () me com> wrote:
> Ask them why. Then report back. Most likely they don't need what they are asking.
>
> On May 20, 2011, at 1:24 PM, Matthew Perry wrote:
>
>> I have a few users who insist that they need a local account on their domain laptops. I am trying to explain to them that their password will cache and allow them to login while not on the network. It also looks like local accounts bypass a lot of our group policy rules that we have put in place and I do not want to have to manage local policies as well. Can anyone give me some more good reasons why it is bad to use a local account instead of a domain account?
>>
>> Thanks!
>>
>> --
>> Matthew Perry
>> _______________________________________________
>> Pauldotcom mailing list
>> Pauldotcom () mail pauldotcom com
>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
>> Main Web Site: http://pauldotcom.com

--
Matthew Perry
Current thread:
- local windows accounts Matthew Perry (May 20)
- Re: local windows accounts ad^2 (May 20)
- Re: local windows accounts Joel Esler (May 20)
- Re: local windows accounts Matthew Perry (May 20)
- Re: local windows accounts craig bowser (May 20)
- Re: local windows accounts craig bowser (May 20)
- Re: local windows accounts Matthew Perry (May 20)
- Re: local windows accounts Ben Jackson (May 21)
- Re: local windows accounts Michael Lubinski (May 21)
- Re: local windows accounts Ralph Durkee (May 21)
- Re: local windows accounts Matthew Perry (May 20)
- Re: local windows accounts Ty Purcell (May 20)
- Re: local windows accounts Brian Erdelyi (May 21)