Educause Security Discussion mailing list archives

Local Admin Accounts

From: "King, Ronald A." <raking () NSU EDU>
Date: Wed, 16 Sep 2009 13:19:52 -0400

I would like to inquire as to what other Universities are doing with regard
to local admin accounts in Windows domain.  We are contemplating removing or
disabling local administrator accounts across the board and use a
Workstation Administrators group in Active Directory.



1.       Has anyone disabled the local Administrator account?

2.       How do you handle when a machine can no longer talk to the network
or domain, whether a hardware failure or lost trust?

3.       If a machine loses its trust with the domain, what cause this?

4.       Is there a method of creating a unique password for each machine
for the administrator account, or someway of not having to give out one
password that gives someone access to anything and everything?

5.       Any other advice?



Ronald King

Security Engineer

Norfolk State University

Marie V. McDemmond Center for Applied Research

Suite 401

700 Park Ave.

Norfolk, Virginia  23504

Phone:  757-823-3918

Fax: 757-823-2128

Email:  <mailto:raking () nsu edu> raking () nsu edu

 <http://security.nsu.edu> http://security.nsu.edu

Attachment: smime.p7s
Description:

Current thread:

Local Admin Accounts King, Ronald A. (Sep 16)
- <Possible follow-ups>
- Re: Local Admin Accounts Anand S Malwade (Sep 16)
- Re: Local Admin Accounts Stanclift, Michael (Sep 16)
- Re: Local Admin Accounts Guy Pace (Sep 16)
- Re: Local Admin Accounts Gary Flynn (Sep 16)
- Re: Local Admin Accounts Gary Flynn (Sep 16)
- Re: Local Admin Accounts Mark Monroe (Sep 16)
- Re: Local Admin Accounts Strzelec, Wally (Sep 16)
- Re: Local Admin Accounts Steven Alexander (Sep 16)
- Re: Local Admin Accounts Smith, Bob (Sep 16)
- Re: Local Admin Accounts Gary Flynn (Sep 16)

(Thread continues...)