Best Practice for Domain Administrators: Single "Superuser" Account or Multiple Domain Admins?
Posted on 2005-05-04
I'm trying to settle a debate with a system administrator regarding the best approach towards server management. The two opposing points are as follows:
1 (mine): It's best to use a single server administrator account on the server. Other accounts can and should be used for various services, but you should only use a single user when logging onto the server. It keeps all files and settings under a single profile, and saves on housekeeping to remove the profiles later.
2 (his): What's the harm in using multiple domain admin users? It seems that having one password and user ID is much more of a security risk than having individual user ID's and passwords.
My counterpoint to the latter half of point #2 is that I believe that his logic is backwards. It seems that giving multiple users domain admin privs would be of greater risk, especially if strong passwords are not enforced.
What do the experts think? Is it one of the above, or is there another way to look at this? I understand that this is somewhat subjective, so I'll favor answers with links to best practice resources.
Thanks in advance for your time.