How does your organizations manage the local administrator account on workstations?

[Paul Adare - MVP]

Re: How does your organizations manage the local administrator acc

Re: How does your organizations manage the local administrator acc

On Tue, 2 Sep 2008 09:05:01 -0700, Dan wrote:

> Okay, so passwords greater than 17 characters using alph-numeric with special
> symbols and would protecting them with 448-bit Blowfish encryption be good
> enough in this day and age?

So you're going to rewrite the OS to allow passwords to be encrypted with
Blowfish? Jeesh.

--
Paul Adare
MVP - Identity Lifecycle Manager
http://www.identit.ca
To err is human; to forgive, beyond the scope of the Operating System.

 

[Phillip Windell]

Re: How does your organizations manage the local administrator acc

Re: How does your organizations manage the local administrator acc

"Paul Adare - MVP" <pkadare@gmail.com> wrote in message
news:yngrpp5pud20$.1k7kvbvr4sjcz.dlg@40tude.net...
> On Tue, 2 Sep 2008 09:05:01 -0700, Dan wrote:
>
>> Okay, so passwords greater than 17 characters using alph-numeric with
>> special
>> symbols and would protecting them with 448-bit Blowfish encryption be
>> good
>> enough in this day and age?
>
> So you're going to rewrite the OS to allow passwords to be encrypted with
> Blowfish? Jeesh.

It also seems to imply the assumption that the primary way that any password
is "beaten" is by hacking it in some way. But the primary way a password is
beaten is by one person who knows it, telling it to someone who is not
supposed to know it, or by someone getting their hands on the password
documentation list. All the encryption in the world isn't going to stop
that.

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------

 

[Dan]

Re: How does your organizations manage the local administrator acc

Re: How does your organizations manage the local administrator acc

Just buy and use cryptainer --- gee whiz and it works on Windows 98

http://www.cypherix.com/sols.htm



"Paul Adare - MVP" wrote:

> On Tue, 2 Sep 2008 09:05:01 -0700, Dan wrote:
>
> > Okay, so passwords greater than 17 characters using alph-numeric with special
> > symbols and would protecting them with 448-bit Blowfish encryption be good
> > enough in this day and age?
>
> So you're going to rewrite the OS to allow passwords to be encrypted with
> Blowfish? Jeesh.
>
> --
> Paul Adare
> MVP - Identity Lifecycle Manager
> http://www.identit.ca
> To err is human; to forgive, beyond the scope of the Operating System.
>

 

[Dan]

Re: How does your organizations manage the local administrator acc

Re: How does your organizations manage the local administrator acc

Good point and the yellow sticky notes that people try to hide near their
computers

"Phillip Windell" wrote:

> "Paul Adare - MVP" <pkadare@gmail.com> wrote in message
> news:yngrpp5pud20$.1k7kvbvr4sjcz.dlg@40tude.net...
> > On Tue, 2 Sep 2008 09:05:01 -0700, Dan wrote:
> >
> >> Okay, so passwords greater than 17 characters using alph-numeric with
> >> special
> >> symbols and would protecting them with 448-bit Blowfish encryption be
> >> good
> >> enough in this day and age?
> >
> > So you're going to rewrite the OS to allow passwords to be encrypted with
> > Blowfish? Jeesh.
>
> It also seems to imply the assumption that the primary way that any password
> is "beaten" is by hacking it in some way. But the primary way a password is
> beaten is by one person who knows it, telling it to someone who is not
> supposed to know it, or by someone getting their hands on the password
> documentation list. All the encryption in the world isn't going to stop
> that.
>
> --
> Phillip Windell
> www.wandtv.com
>
> The views expressed, are my own and not those of my employer, or Microsoft,
> or anyone else associated with me, including my cats.
> -----------------------------------------------------
>
>
>

 

[Paul Adare - MVP]

Re: How does your organizations manage the local administrator acc

Re: How does your organizations manage the local administrator acc

On Tue, 2 Sep 2008 20:16:00 -0700, Dan wrote:

> Just buy and use cryptainer --- gee whiz and it works on Windows 98
>
> http://www.cypherix.com/sols.htm

We're talking about logon passwords here Dan. Should be obvious.



--
Paul Adare
MVP - Identity Lifecycle Manager
http://www.identit.ca
Long computations that yield zero are probably all for naught.

 

[Phillip Windell]

Re: How does your organizations manage the local administrator acc

Re: How does your organizations manage the local administrator acc

"Dan" <Dan@discussions.microsoft.com> wrote in message
news:1747E688-5C5C-43CD-AB30-7727A05530BF@microsoft.com...
> Good point and the yellow sticky notes that people try to hide near their
> computers

Hide?

I've seen 'em stuck on monitor all the way around. The stupid thing looked
like a giant Sun Flower!
I didn't know if I should Click-it, sniff it, or each the seeds.

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------

 

[Dan]

Re: How does your organizations manage the local administrator acc

Re: How does your organizations manage the local administrator acc

Well, I am expanding the topic to include a multi-level security approach
with using not only login passwords which of course is better on Windows XP
but also BIOS passwords, passwords used in 3rd party programs, biometrics,
and how to fully safeguard and secure your machine from hackers whether
internal or most importantly imo, remote external hackers with such skills
that we could be talking about employees from the federal governments of say
China or Russia now that is the true big time.

"Paul Adare - MVP" wrote:

> On Tue, 2 Sep 2008 20:16:00 -0700, Dan wrote:
>
> > Just buy and use cryptainer --- gee whiz and it works on Windows 98
> >
> > http://www.cypherix.com/sols.htm
>
> We're talking about logon passwords here Dan. Should be obvious.
>
>
>
> --
> Paul Adare
> MVP - Identity Lifecycle Manager
> http://www.identit.ca
> Long computations that yield zero are probably all for naught.
>

 

[Dan]

Re: How does your organizations manage the local administrator acc

Re: How does your organizations manage the local administrator acc

Good idea but I would go farther that the discarded passwords be shredded and
then ideally burned by fire just to be extra safe and secure and to keep you
safe from dumpster diving.

"S. Pidgorny <MVP>" wrote:

> G'day:
>
> Spin wrote:
> > Gurus,
> >
> > How does your organizations manage the local administrator account on
> > workstations? Typically the end-users do run with "administrative"
> > privileges, but a local admin account is needed to access a machine
> > offline. So how is this account typically named (i.e. renamed) and
> > password secured (i.e., complex and only a few people know it)? Then
> > you have the problem of having to change this password on every
> > workstation if a member of the IT staff leaves. Just looking for quick
> > thoughts here, no long treatise on the topic is necessary!
> >
>
> Set random password and throw it away. Do not try managing passwords for
> disk encryption either.
>
> Users should not have expectation that the data located on the local
> disks can be recovered in case of the system failure. Store data on servers.
>
> Stateless systems that actually reset to original state when user logs
> off will proliferate, thanks to advances of virtual desktop
> technologies. There is no point in managing local admin password on such
> systems.
>
> --
> Svyatoslav Pidgorny, MS MVP - Security, MCSE
> -= F1 is the key =-
>
> * http://sl.mvps.org * http://msmvps.com/blogs/sp *
>

 

[Roger Abell [MVP]]

Re: How does your organizations manage the local administrator acc

Re: How does your organizations manage the local administrator acc

"Dan" <Dan@discussions.microsoft.com> wrote in message
news:B443F559-7733-4E98-9B7D-7609F6879A58@microsoft.com...
> Good idea but I would go farther that the discarded passwords be shredded
> and
> then ideally burned by fire just to be extra safe and secure and to keep
> you
> safe from dumpster diving.
>

but what about the molecular ash reorganizers ??


> "S. Pidgorny <MVP>" wrote:
>
>> G'day:
>>
>> Spin wrote:
>> > Gurus,
>> >
>> > How does your organizations manage the local administrator account on
>> > workstations? Typically the end-users do run with "administrative"
>> > privileges, but a local admin account is needed to access a machine
>> > offline. So how is this account typically named (i.e. renamed) and
>> > password secured (i.e., complex and only a few people know it)? Then
>> > you have the problem of having to change this password on every
>> > workstation if a member of the IT staff leaves. Just looking for quick
>> > thoughts here, no long treatise on the topic is necessary!
>> >
>>
>> Set random password and throw it away. Do not try managing passwords for
>> disk encryption either.
>>
>> Users should not have expectation that the data located on the local
>> disks can be recovered in case of the system failure. Store data on
>> servers.
>>
>> Stateless systems that actually reset to original state when user logs
>> off will proliferate, thanks to advances of virtual desktop
>> technologies. There is no point in managing local admin password on such
>> systems.
>>
>> --
>> Svyatoslav Pidgorny, MS MVP - Security, MCSE
>> -= F1 is the key =-
>>
>> * http://sl.mvps.org * http://msmvps.com/blogs/sp *
>>

 

[Dan]

Re: How does your organizations manage the local administrator acc

Re: How does your organizations manage the local administrator acc

Seriously or a Joke <grins>

"Roger Abell [MVP]" wrote:

> "Dan" <Dan@discussions.microsoft.com> wrote in message
> news:B443F559-7733-4E98-9B7D-7609F6879A58@microsoft.com...
> > Good idea but I would go farther that the discarded passwords be shredded
> > and
> > then ideally burned by fire just to be extra safe and secure and to keep
> > you
> > safe from dumpster diving.
> >
>
> but what about the molecular ash reorganizers ??
>
>
> > "S. Pidgorny <MVP>" wrote:
> >
> >> G'day:
> >>
> >> Spin wrote:
> >> > Gurus,
> >> >
> >> > How does your organizations manage the local administrator account on
> >> > workstations? Typically the end-users do run with "administrative"
> >> > privileges, but a local admin account is needed to access a machine
> >> > offline. So how is this account typically named (i.e. renamed) and
> >> > password secured (i.e., complex and only a few people know it)? Then
> >> > you have the problem of having to change this password on every
> >> > workstation if a member of the IT staff leaves. Just looking for quick
> >> > thoughts here, no long treatise on the topic is necessary!
> >> >
> >>
> >> Set random password and throw it away. Do not try managing passwords for
> >> disk encryption either.
> >>
> >> Users should not have expectation that the data located on the local
> >> disks can be recovered in case of the system failure. Store data on
> >> servers.
> >>
> >> Stateless systems that actually reset to original state when user logs
> >> off will proliferate, thanks to advances of virtual desktop
> >> technologies. There is no point in managing local admin password on such
> >> systems.
> >>
> >> --
> >> Svyatoslav Pidgorny, MS MVP - Security, MCSE
> >> -= F1 is the key =-
> >>
> >> * http://sl.mvps.org * http://msmvps.com/blogs/sp *
> >>
>
>
>

 

[George Ellis]

Re: How does your organizations manage the local administrator acc

Re: How does your organizations manage the local administrator acc

You don't have one? We have to use ours at least once a month.

"Dan" <Dan@discussions.microsoft.com> wrote in message
news:600CE98F-B842-41E3-A852-44D23107E053@microsoft.com...
> Seriously or a Joke <grins>
>
> "Roger Abell [MVP]" wrote:
>
>> "Dan" <Dan@discussions.microsoft.com> wrote in message
>> news:B443F559-7733-4E98-9B7D-7609F6879A58@microsoft.com...
>> > Good idea but I would go farther that the discarded passwords be
>> > shredded
>> > and
>> > then ideally burned by fire just to be extra safe and secure and to
>> > keep
>> > you
>> > safe from dumpster diving.
>> >
>>
>> but what about the molecular ash reorganizers ??
>>
>>

 

[~BD~]

Re: How does your organizations manage the local administrator acc

Re: How does your organizations manage the local administrator acc

"We" ???? Can't you manage its use all by yourself? <wink>

Dave

--
"George Ellis" <george.ellis@9delta9.com> wrote in message
news:eyZxe10DJHA.1228@TK2MSFTNGP02.phx.gbl...
> You don't have one? We have to use ours at least once a month.

<snip>

 

[Dan]

Re: How does your organizations manage the local administrator acc

Re: How does your organizations manage the local administrator acc

It is funny and I talk in we are the time at work in referring to my
co-workers or should I say are Wii there yet --- <grin> --- really dumb I
know but my humor is poor --- <smiles>

"~BD~" wrote:

> "We" ???? Can't you manage its use all by yourself? <wink>
>
> Dave
>
> --
> "George Ellis" <george.ellis@9delta9.com> wrote in message
> news:eyZxe10DJHA.1228@TK2MSFTNGP02.phx.gbl...
> > You don't have one? We have to use ours at least once a month.
>
> <snip>
>
>
>

 

[Matt Maslowski]

RE: How does your organizations manage the local administrator account

RE: How does your organizations manage the local administrator account

Spin,

I've seen a couple of companies using product provided by Autocipher -
www.autocipher.com....this is an agentless password management solution for a
windows environment.....It simply does the job!

Let me know if you have any questions.

Matt

"Spin" wrote:

> Gurus,
>
> How does your organizations manage the local administrator account on
> workstations? Typically the end-users do run with "administrative"
> privileges, but a local admin account is needed to access a machine offline.
> So how is this account typically named (i.e. renamed) and password secured
> (i.e., complex and only a few people know it)? Then you have the problem of
> having to change this password on every workstation if a member of the IT
> staff leaves. Just looking for quick thoughts here, no long treatise on the
> topic is necessary!
>
> --
> Spin
>
>