Pau Lo

local admin and 3rd party admins - best practice

What is the general best practice from a security perspective when it comes to the default local administrator accounts on Windows servers?
And similarly, what is the general best practice from a security & administration perspective when it comes to 3rd party technical support who may have a requirement for remote access into your network for managing certain applications and the servers and environment on which they are installed? I am thinking in terms of managing permissions and location/management within AD.

ASKER CERTIFIED SOLUTION
David Johnson, CD
This solution is only available to members.
Pau Lo

ASKER

need administrator access use Microsoft LAPS#

From a support perspective, is there a need to enable the local admin account and use it, or can you get away with domain accounts?
You can use domain accounts for management..   * admin* depending upon need

ASKER

How do you organize and file 3rd party user accounts in your AD, out of interest? Are they blended in with local admin accounts, or do you handle things differently? Is there an ideal way to approach this?
They would get their own OU.

ASKER

From an administrator's perspective (I don't work in a support role), what is the benefit to putting them in their own OU? Or from the other angle, what is the risk in not doing so?
Organization - you know which are contractors easily.  You can also apply policies to them that are specific to contractors.  You could have multiple contractors OUs depending on your organization layout.  For example, if you break down your OU structure in part by office location, each office could have a contractors OU.
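
An added example, not code from any poster in this thread: PowerShell that builds the per-office contractors OU layout described above, lists the GPOs linked directly to each of those OUs, and reports contractor accounts sitting outside them, where contractor-specific policies would not reach them. The domain DN, the office names and the `employeeType = 'Contractor'` tagging convention are assumptions.

```powershell
#Requires -Modules ActiveDirectory, GroupPolicy
# Assumed values, not from the thread: domain DN, office OU names, and the
# convention that contractor accounts carry employeeType = 'Contractor'.
$DomainDN = 'DC=example,DC=com'
$Offices  = 'London', 'Toronto'      # existing top-level office OUs (constructed)
$OuName   = 'Contractors'

foreach ($office in $Offices) {
    $parent = "OU=$office,$DomainDN"
    $target = "OU=$OuName,$parent"

    # Create the per-office contractors OU only if it is missing.
    $ou = Get-ADOrganizationalUnit -Filter "Name -eq '$OuName'" `
            -SearchBase $parent -SearchScope OneLevel
    if (-not $ou) {
        New-ADOrganizationalUnit -Name $OuName -Path $parent `
            -ProtectedFromAccidentalDeletion $true
    }

    # GPOs linked directly to this OU are the contractor-specific policies.
    $links = (Get-GPInheritance -Target $target).GpoLinks
    if (-not $links) {
        Write-Warning "$target has no directly linked GPO; only inherited policy applies."
    }
    $links | Select-Object @{n='OU';e={$target}}, DisplayName, Enabled, Enforced
}

# Contractor-tagged accounts outside any Contractors OU miss those policies.
Get-ADUser -Filter "employeeType -eq 'Contractor'" -SearchBase $DomainDN `
        -Properties employeeType |
    Where-Object { $_.DistinguishedName -notmatch ",OU=$([regex]::Escape($OuName))," } |
    Select-Object SamAccountName, Enabled, DistinguishedName
```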

ASKER

Thanks Lee. Out of interest, could you give a couple of examples of any specific policies you'd apply to just contractors, 3rd parties? I'd be interested to learn about some examples for my own learning.