Educause Security Discussion mailing list archives
Re: AD and Domain Admin Policy?
From: Brad Judy <brad.judy () CU EDU>
Date: Fri, 19 Dec 2014 15:18:11 +0000
Just a quick response to say that if your domain admins don’t have separate admin and regular usage accounts, make this your key task for today. Even non-domain admins that have other privileged access (Exchange admins, account admins, etc.) should have separate admin and regular usage accounts. They should log into their desktops/laptops with a regular account and RDP or “Run As” their admin accounts when needed. Brad Judy Director of Information Security University Information Systems University of Colorado 1800 Grant Street, Suite 300 Denver, CO 80203 Office: (303) 860-4293 Fax: (303) 860-4302 www.cu.edu [cu-logo_fl] From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Russ Leathe Sent: Friday, December 19, 2014 8:13 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] AD and Domain Admin Policy? What happened to Sony, I feel is the ‘tip of the iceberg’. That said, do you have a “Domain Admin” policy at your school? Can domain admins only login as themselves to computers they have control over? Do your domain admins have a separate login when they need to check Kiosks, etc…. what about non-security issues like internal websites to look at today’s menu? Thanks! russ
Current thread:
- AD and Domain Admin Policy? Russ Leathe (Dec 19)
- Re: AD and Domain Admin Policy? Brad Judy (Dec 19)
- Re: AD and Domain Admin Policy? Dugan, Darin D [ITSYS] (Dec 19)
- Re: AD and Domain Admin Policy? Timothy Pierson (Dec 19)
- Re: AD and Domain Admin Policy? Timothy Pierson (Dec 19)
- Re: AD and Domain Admin Policy? Kevin McCormick (Dec 22)
- Cisco Advisory NTP Multiple Vulnerabilities Kevin McCormick (Dec 22)
- Re: AD and Domain Admin Policy? Timothy Pierson (Dec 19)
- Re: AD and Domain Admin Policy? Brad Judy (Dec 19)