funsec mailing list archives
Removing Local Administrator Account
From: Rob Thompson <my.security.lists () gmail com>
Date: Sun, 13 Jan 2008 11:27:15 -0800
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dear List,

I have cross posted this question to another security list that I belong to, but I wanted to send this here as well, as I am specifically interested in your responses. I know you are all on this list and I can find you all here, which is why I am sending it...well, here.

I know that this is off topic and this is not any kind of "Fun Security", but I highly respect each of your opinions. I know I do not make many comments on this list, but I have watched it for over a year and I do pay attention to your responses. In my opinion you guys are all the best of breed in what you do...

- ---

I am asking this as I will be presenting this to a company, as they have proposed this idea and I want to show them exactly what they are considering getting themselves into.

What is your professional opinion on removing the local administrator account?

Does this pose a security risk to have a local administrator account on a computer, so that IT staff (which are the only people in the organization that are entitled to this user/pass) can do work on a computer in a way that can not be "securely" audited? What I mean by this is, they all use this one account (for emergencies only), instead of using their own credentials over the network - thereby showing the local admin account was used, but not who used it.

What are the risks involved in removing this account?

Is this a general best practice, from a security point of view? If not, what is the best practice from a security point of view?

Lastly, do you believe or not, that if the IT staff wanted to compromise a box, anonymously, would they really need this local administrator account on the box? Or would they still be able to do this, without the account there? Why?

I sincerely appreciate your time and thank you in advance for any answers that you may pose. Also, if you see something that I did not consider in my questions, please feel free to include that as well. Please remember, if you think that this is a wise decision or not, PLEASE state your answers and why.

- --
Rob

+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+
|                        _    |
| ASCII ribbon campaign ( )   |
|  - against HTML email  X    |
|                       / \   |
|                             |
+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (MingW32)

iEYEARECAAYFAkeKZhAACgkQcfN68iZZIcd6tgCdH/esec+OQ+LKIlb+cDYnkel3
z6EAoLdbxU2lL1yC8G/GoSq3gEZSi7tT
=y46m
-----END PGP SIGNATURE-----
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.