Comment Re:Well, this password crack worked well... (Score 1) 210
You grant junior-admins or helpdesk operators the ability to reset user passwords. The users should not be allowed to change administrative, service, or system passwords.
In the NT world there is a default usergroup named "Account Operators" that have this ability.
In a production environment the admin passwords should only be used when making changes or for emergency fixes. Both of these situations would require management approval or notification and the admin password could be "checked out".
We have a little over 3500 servers worldwide at my company and this is the process we have in place. And the process works.
In the NT world there is a default usergroup named "Account Operators" that have this ability.
In a production environment the admin passwords should only be used when making changes or for emergency fixes. Both of these situations would require management approval or notification and the admin password could be "checked out".
We have a little over 3500 servers worldwide at my company and this is the process we have in place. And the process works.
