Educause Security Discussion mailing list archives
Re: Multiple of Single User Accounts
From: Eric Case <ecase () EMAIL ARIZONA EDU>
Date: Wed, 21 Oct 2009 20:16:10 -0700
In my case, a nameing convention was selected. Accounts in AD but outside of LDAP start with duble underscore (__) and then an a for admin, e for enterprise, s for service, etc. For example, if the account is __ajsmith It very clear that the account is a privileged "admin" account for the normal user jsmith. The AD groups that __sjsmith belongs to may be updated automaticly or manualy by the campus units that jsmith works for. -Eric Eric Case, CISSP eric (at) ericcase (dot) com http://www.linkedin.com/in/ericcase
-----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Barrera, Connie Sent: Wednesday, October 21, 2009 2:07 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Multiple of Single User Accounts Greetings to all: For the different folks who have responded to this thread. How are you keeping the "roles" identified in AD updated and hence the associated access/permissions current? At least at our school there is a lot of fluctuation between roles and departmental/position assignment. There are often times individuals with dual assignments and it's difficult to keep access updated due to numerous processes- how do you reconcile this? While we currently have many automated processes in place to deal with terminations and transfers, we continue to search for improvements. Is anyone leveraging a commercial IDM solution? Any insight into your respective solutions is greatly appreciated. Best regards, Connie Barrera, MCSE, CISSP University of Miami Security Manager, Information Technology 5915 Ponce de Leon, #41 Coral Gables, FL 33146-2500 O&F: 305-284-2773 connie () miami edu -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Roger Safian Sent: Wednesday, October 21, 2009 4:52 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Multiple of Single User Accounts Typically we have a one user, on account policy. There are some very limited exceptions to that rule, but, none of them are for students who are also employees. At 03:17 PM 10/21/2009, Daniel Bennett put fingers to keyboard and wrote:What do you do when you have students who are also employees or viceversa? Do you create two unique network and e-mail accounts for them or do they use a single account?Daniel Bennett IT Security Analyst Pennsylvania College of Technology One College Ave Williamsport PA, 17701 570.329.4989-- Roger A. Safian r-safian () northwestern edu (email) public key available on many key servers. (847) 467-6437 (voice) (847) 467-6500 (Fax) "You're never too old to have a great childhood!"
Current thread:
- Re: Multiple of Single User Accounts, (continued)
- Re: Multiple of Single User Accounts Eric Case (Oct 21)
- Re: Multiple of Single User Accounts Flynn, Gerald (Oct 21)
- Re: Multiple of Single User Accounts Gregg, Christopher S. (Oct 21)
- Re: Multiple of Single User Accounts Roger Safian (Oct 21)
- Re: Multiple of Single User Accounts Barrera, Connie (Oct 21)
- Re: Multiple of Single User Accounts Morrow Long (Oct 21)
- Re: Multiple of Single User Accounts Stanclift, Michael (Oct 21)
- Re: Multiple of Single User Accounts Mark Borrie (Oct 21)
- Re: Multiple of Single User Accounts Gregg, Christopher S. (Oct 21)
- Re: Multiple of Single User Accounts Michael Fertig (Oct 21)
- Re: Multiple of Single User Accounts Eric Case (Oct 21)
- Re: Multiple of Single User Accounts Flynn, Gerald (Oct 22)
- Re: Multiple of Single User Accounts Flynn, Gerald (Oct 22)
- Re: Multiple of Single User Accounts Flynn, Gerald (Oct 22)
- Re: Multiple of Single User Accounts Stanclift, Michael (Oct 22)
- Re: Multiple of Single User Accounts Basgen, Brian (Oct 22)
- Re: Multiple of Single User Accounts Jesse Thompson (Oct 22)