Steve Lamb's Blog

Security Matters

Blogs

How to secure the Administrator account access to your environment

  • Comments 1
  • Likes

The Administrator Accounts Security Planning Guide has recently been posted to TechNet and hence is available for free download. It's a great place to start in reviewing how you manage privileged access. What ever type of user you are it's important to adopt the principle of Least User Access(LUA). Aaron Margosis has an excellent blog which focusses 100% on this very challenge. He recently posted an excellent article which covers the "why" and most useful "how" to run with limited privilege. Click here to read Aaron's article.

Remember one of the founding principles of information security "If you don't trust your administrators then you'd better get some new administrators".

The Immutable Laws of Security state this as follows "Law #6: A computer is only as secure as the administrator is trustworthy." Read about the Immutable Laws of security here

Comments
  • I see alot of times in branch offices where local admins have been delegated some authority within ad and they have just two accounts. One being there non-priviledged acct and the other being an elevated acct. The elevated version being group enforced via gpo's into all the local workstation/servers administrators groups and have been delegated ad authority. I think this should be consider a bad practice they should have 3 accounts the first one being there normal account the second being an ad delegated account and the third should only be utilized by being group enforced by gpo's into the local administrators group and have no ad delegation assigned. Better yet is to not group enforce anybody into the administrators group and only allow the local administrator (renamed of course) to login interactively. just my .0000001 cents worth

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment