Kevin Remde's IT Pro Weblog

He is so full of IT! This is provided "AS IS" with no warranties, and confers no rights. Use of included samples are subject to the terms specified at Microsoft
© Kevin A. Remde

Kevin Remde is Full of I.T. on Facebook 

 

Follow me on Twitter

 

 View Kevin Remde's profile on LinkedIn

 

Locations of visitors to this page

 

 

 

 

 

Tags
Recent Posts
FREE Software Evaluations
NEW: System Center 2012 w/SP1
Windows Server 2012
Hyper-V Server 2012
FREE 90 Day Trial of Windows Azure
Windows 8 Enterprise
Others
IT Pro Resources
IT Pro Evangelist Blogs
Common Tasks
Archives
Archives

Tell me how to keep my accounts secure

TechNet Blogs > Full of I.T. > Tell me how to keep my accounts secure

Tell me how to keep my accounts secure

19 Jul 2005 1:55 AM
  • Comments 0

Lock it down!  Okay… let’s say you’re an IT Professional (and who wouldn’t want to be, really) responsible for managing user and administrative accounts in your office or for your company.  But you sometimes ask yourself:

“Do I use my administrative accounts wisely?”

“Am I granting too many people too many rights in my organization?”

And then you ask us:

“What do YOU suggest I do about it, Kevin?  Does Microsoft have some prescriptive guidance for me?”

I’m glad you asked! 

I found a new document that might help.  It’s called “The Administrator Accounts Security Planning Guide”.  It is “designed to be an indispensable resource when organizations plan their strategy to secure administrator level accounts in Microsoft Windows NT-based operating systems such as Windows Server 2003 and Windows XP.” 

It’s only 25 pages long, so it’s an easy read.  Here is the table of contents from the document, to give you a better idea of the topics covered:

Chapter 1: Introduction
Executive Summary
Overview
Who Should Read This Guide
Planning Guide Overview
Chapter 2: The Approach to Making Administrator Accounts More Secure
Why Making Administrator Accounts More Secure Is Important
Why You Should Not Log On To Your Computer as an Administrator
Administrative Accounts and Groups Overview
Administrator Account Types
The Principles for Making Administrator Accounts More Secure
Principle of Least Privilege
Best Practices for Making Administrative Accounts More Secure
Chapter 3: Guidelines for Making Administrator Accounts More Secure
Overview of Guidelines for Making Administrator Accounts More Secure
Separate Domain Administrator and Enterprise Administrator Roles
Separate User and Administrator Accounts
Use the Secondary Logon Service
Run a Separate Terminal Services Session for Administration
Rename the Default Administrator Account
Create a Decoy Administrator Account
Create a Secondary Administrator Account and Disable the Built-in Account
Enable Account Lockout for Remote Administrator Logons
Create a Strong Administrator Password
Automate Scanning for Weak Passwords
Use Administrative Credentials on Trusted Computers Only
Audit Accounts and Passwords on a Regular Basis
Prohibit Account Delegation
Control the Administrative Logon Process
Chapter 4: Summary
Next Steps
Further Reading

Give it a look and let me know what you think!

, , , ,