
Question about generic accounts

isaacr25 asked
I have a theoretical question concerning best practice for usage of generic accounts (regardless of whether it's network accounts, application accounts, etc.).

We're trying to limit the number of generic accounts that are being created and used. But we're trying to find the right balance also. So, should we try to "re-use" the same generic account for as many reasonable purposes as possible?

In other words, should we try to use the same generic account for different functions within the same application (assuming of course that the permissions are appropriate, etc.)?

Thanks in advance.

Author of the Year 2011
Top Expert 2006

I have never created 'generic' accounts of any kind and am curious about the reasoning behind it.

In any situation you need to know exactly who accessed a system and when they did it.

With generic accounts you lose that accountability - and possibly the ability to trouble-shoot any number of problems that might develop.

"Best Practice" is to not have any.


I understand that it's best practice, but as of right now not having any generic accounts is not feasible. Maybe I should clarify a bit... My original question also pertains to accounts like testing accounts and service accounts for different applications, etc.
Author of the Year 2011
Top Expert 2006
OK - now I have a better understanding.
In our "Admin" group of users, we used to create specific accounts such as "exchADMIN" (MS Exchange), "epoADMIN" (McAfee ePO), etc. Each of those accounts had the express permissions described by the application they were managing.

If that is what you're talking about, then I would suggest having one for each function that is necessary.

The actual "Domain Administrator" account was never used (extremely complex password locked in a safe) and all members of the Admin Group had separate accounts for doing their Admin work.

In most things I go for "simple is better", but for SysAdmin work I always went for granularity - as it was the only way to track down who had done what...and when.
