S
Spin
I want to make sure that all my servers only have one enabled local
administrator account. How can I make a script file which does this?
administrator account. How can I make a script file which does this?
Michael Holzemer said:Really...
I suppose I should retort that you apparently run a small workgroup and do
not know what a domain is. I do not want a flame war here, just an
understanding. We just have two different views of the same situation. My
assumption is that "users" in this case does not include groups and it is a
domain. I could easily be wrong based on the information from the post.
Just for clarity. I run a 2 tier mission critical data center with fully
redundant load balanced application servers with a clustered back end along
with a corporate network. High availability is my middle name. If I am down
I don't eat.
Think about this. My servers have the domain admins group in the admin group
on all servers. If I were to find a second admin account on a server I would
probably want to terminate the engineer responsible for being careless or
lazy.
--
Regards,
Michael Holzemer
No email replies please - reply in newsgroup
Ray at said:You apparently don't have any critical servers then. All I'm saying is that
it is a bad idea to have only one administrative account on a machine.
Ray at work
Ray at said:I do not want a flame war either.
I'm also in a domain. And as such, I agree that there shouldn't be
additional local admin accounts on the servers. Whether you have a
workgroup server with two admin logons or a domain member server or DC (more
than one), you must have more than one way to log on with administrative
rights. That's all I'm saying.
The majority of the data where I work in stored on an AS/400, so I also know
about uptime. :]
To Spin,
Download the last few thousand posts in a few W2K newsgroups and look at how
many posts there are like, "Someone quit, got fired, died, etc. and no one
has the administrator password. How can we get on our servers?" Don't put
yourself in that situation. To steal someone else's analogy (I don't think
it was in this thread), ask your boss how many sets of keys he has for his
car or house. When he answers with a number greater than 1, ask him why.
Ray at home
isMichael Holzemer said:Really...
I suppose I should retort that you apparently run a small workgroup and do
not know what a domain is. I do not want a flame war here, just an
understanding. We just have two different views of the same situation. My
assumption is that "users" in this case does not include groups and itevena
domain. I could easily be wrong based on the information from the post.
Just for clarity. I run a 2 tier mission critical data center with fully
redundant load balanced application servers with a clustered back end along
with a corporate network. High availability is my middle name. If I am down
I don't eat.
Think about this. My servers have the domain admins group in the admin group
on all servers. If I were to find a second admin account on a server I would
probably want to terminate the engineer responsible for being careless or
lazy.
--
Regards,
Michael Holzemer
No email replies please - reply in newsgroup
is
that
Ray at said:I do not want a flame war either.
I'm also in a domain. And as such, I agree that there shouldn't be
additional local admin accounts on the servers. Whether you have a
workgroup server with two admin logons or a domain member server or DC (more
than one), you must have more than one way to log on with administrative
rights. That's all I'm saying.
The majority of the data where I work in stored on an AS/400, so I also know
about uptime. :]
To Spin,
Download the last few thousand posts in a few W2K newsgroups and look at how
many posts there are like, "Someone quit, got fired, died, etc. and no one
has the administrator password. How can we get on our servers?" Don't put
yourself in that situation. To steal someone else's analogy (I don't think
it was in this thread), ask your boss how many sets of keys he has for his
car or house. When he answers with a number greater than 1, ask him why.
Ray at home
isMichael Holzemer said:Really...
I suppose I should retort that you apparently run a small workgroup and do
not know what a domain is. I do not want a flame war here, just an
understanding. We just have two different views of the same situation. My
assumption is that "users" in this case does not include groups and itevena
domain. I could easily be wrong based on the information from the post.
Just for clarity. I run a 2 tier mission critical data center with fully
redundant load balanced application servers with a clustered back end along
with a corporate network. High availability is my middle name. If I am down
I don't eat.
Think about this. My servers have the domain admins group in the admin group
on all servers. If I were to find a second admin account on a server I would
probably want to terminate the engineer responsible for being careless or
lazy.
--
Regards,
Michael Holzemer
No email replies please - reply in newsgroup
is
that
[ ]Why is that? I might use your response as part of a response to
my manager who wants to limit to only one admin account per
machine.
oneMichael Holzemer said:I agree with that 100%. In reality I have at least 4 keys to every server. 2
domain admins, the local admin ("in the safe" figuratively), and the magical
original domain admin account (the one really in the safe in case the bus
gets my colleague and I at the same time) so that's the way I tend to
perceive things.
I actually posted that link as a tool for solving the "I lost my password"
dilemma. I should have been clearer as to the purpose of it (you know an FYI
deal as opposed to an answer). The time I needed to use it on a non-critical
Oracle server (that had not been put into the domain and only had 1 admin
account and the guy was no longer with the company. Spin you listening?)
made me swear by it. That's all.
--
Regards,
Michael Holzemer
No email replies please - reply in newsgroup
Ray at said:I do not want a flame war either.
I'm also in a domain. And as such, I agree that there shouldn't be
additional local admin accounts on the servers. Whether you have a
workgroup server with two admin logons or a domain member server or DC (more
than one), you must have more than one way to log on with administrative
rights. That's all I'm saying.
The majority of the data where I work in stored on an AS/400, so I also know
about uptime. :]
To Spin,
Download the last few thousand posts in a few W2K newsgroups and look at how
many posts there are like, "Someone quit, got fired, died, etc. and no
Want to reply to this thread or ask your own question?
You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.