Re: Problems with AdminCount bit, inheiratance, and email
- From: "Joe Kaplan \(MVP - ADSI\)" <joseph.e.kaplan@xxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 2 Feb 2006 11:58:12 -0600
My experience here is that the best practice is to have separate operational
accounts for your DAs that aren't receiving email or doing "regular user"
stuff. The people who are DAs would have regular accounts that they use for
their normal work in the company.
The goal is that your DAs only use their DA accounts when absolutely
necessary, but they should generally never be logging into their
workstations to read email as a DA. That's super dangerous from a security
standpoint.
Joe K.
"Paul Williams [MVP]" <ptw2001@xxxxxxxxxxx> wrote in message
news:ek87BfAKGHA.2248@xxxxxxxxxxxxxxxxxxxxxxx
Any idea about why we're being told that DA's should NOT have email
accounts. I can't figure that out...
Can you elaborate on what they are saying/ suggesting?
--
Paul Williams
Microsoft MVP - Windows Server - Directory Services
http://www.msresource.net | http://forums.msresource.net
.
- Follow-Ups:
- Re: Problems with AdminCount bit, inheiratance, and email
- From: Bill Bradley
- Re: Problems with AdminCount bit, inheiratance, and email
- References:
- Problems with AdminCount bit, inheiratance, and email
- From: Bill Bradley
- Re: Problems with AdminCount bit, inheiratance, and email
- From: Cary Shultz
- Re: Problems with AdminCount bit, inheiratance, and email
- From: Paul Williams [MVP]
- Problems with AdminCount bit, inheiratance, and email
- Prev by Date: Autoenrollment error
- Next by Date: Account on anotherforest locks out same name account in myforest
- Previous by thread: Re: Problems with AdminCount bit, inheiratance, and email
- Next by thread: Re: Problems with AdminCount bit, inheiratance, and email
- Index(es):
Relevant Pages
|
