Administrative account advice needed
Posted on 2004-11-18
The powers-that-be in my organization are putting forth a policy stating that all IT staff with administrative authority on computers and servers (techs, sysadmins, etc) must have those Active Directory (2003) security permissions placed on a secondary account.
Their idea is that it provides MORE security to create 2 accounts for every IT staffer that falls into that category, leaving them with a normal user account with no more privileges than your average user, and an account (with the same username, by the way, just with a "_admin" at the end) that has their extra privileges on it.
I have always believed that more user accounts than you need is always a bad thing. Especially when you consider that I know for a fact this policy will not be backed up by increased account auditing.
I want to fight this policy and show them they are wrong. Points will go to anyone who gives me some good ammunition or anyone who successfully changes my mind. I'm open-minded on this, so I could be convinced.