Friday, March 23, 2007

IT are Gluttons for Service Account Punishment

I recently spoke at a conference about security and, as always, asked for a show of hands to see how many companies have password policies (e.g. changing the password every X days, etc.) and then asked (with those hands still raised) how many change the passwords on their service accounts. Nearly all the hands drop!

I don't get it: these are the most powerful accounts in the company (a lot of them are members of the Domain Admins group), and the passwords aren't changed on a regular basis. The reason is, of course, that no one (including me when I was a consultant) wants to manually modify 20 services on each of 80 servers (substitute your own numbers, of course). That's a ton of work. It is far simpler to just assume your passwords are secure.
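What that manual job actually consists of, and how to script it, as an added example (not code from this post or from ScriptLogic): inventory every service on a list of servers that logs on as the account, reset the account password in Active Directory, push the new password into each service's logon configuration, and only then restart the services. The server names, domain, account name and the account's distinguished name are hypothetical placeholders; the script uses WMI (Win32_Service) and ADSI, which are available on any Windows box with PowerShell.

```powershell
# Added example, not part of the original post or a ScriptLogic product.
# Rotates one service account's password across several servers.
# Servers, domain, account and DN below are hypothetical placeholders.
param(
    [string[]] $Servers   = @('SRV01', 'SRV02'),                              # assumption
    [string]   $Domain    = 'CORP',                                           # assumption
    [string]   $Account   = 'svc_app',                                        # assumption
    [string]   $AccountDN = 'CN=svc_app,OU=Service Accounts,DC=corp,DC=local', # assumption
    [switch]   $WhatIf
)

$ErrorActionPreference = 'Stop'
Add-Type -AssemblyName System.Web
$logonName = "$Domain\$Account"

# 1. Inventory first. Every service still holding the old password after the
#    AD reset will fail to start and, with a lockout policy, lock the account.
$targets = @()
foreach ($server in $Servers) {
    # WQL needs the backslash doubled; PowerShell double quotes leave it alone.
    $filter = "StartName='$Domain\\$Account'"
    $found  = Get-WmiObject -Class Win32_Service -ComputerName $server -Filter $filter
    foreach ($svc in @($found)) {
        $targets += $svc
        Write-Host ("{0,-12} {1,-30} {2}" -f $server, $svc.Name, $svc.State)
    }
}
if ($targets.Count -eq 0) { Write-Warning "No services run as $logonName"; return }

# 2. Generate a new random password: 24 characters, at least 6 non-alphanumeric.
$newPassword = [System.Web.Security.Membership]::GeneratePassword(24, 6)
if ($WhatIf) {
    Write-Host "WhatIf: would reset $logonName and update $($targets.Count) service(s)"
    return
}

# 3. Reset the password on the AD account (requires reset-password rights on it).
$user = [ADSI]"LDAP://$AccountDN"
$user.SetPassword($newPassword)
$user.SetInfo()

# 4. Update each service's stored logon credentials without restarting yet.
#    Win32_Service.Change(DisplayName, PathName, ServiceType, ErrorControl,
#    StartMode, DesktopInteract, StartName, StartPassword, ...); $null = unchanged.
$failed = @()
foreach ($svc in $targets) {
    $r = $svc.Change($null, $null, $null, $null, $null, $null, $logonName, $newPassword)
    if ($r.ReturnValue -ne 0) {
        $failed += "$($svc.__SERVER)\$($svc.Name) (rc=$($r.ReturnValue))"
    }
}
if ($failed.Count -gt 0) {
    Write-Warning ("Config update failed on: " + ($failed -join ', '))
}

# 5. Restart only after every config is updated, so nothing is left to retry
#    the old password. Services with dependents need those stopped first.
foreach ($svc in $targets) {
    if ($svc.State -ne 'Running') { continue }
    [void]$svc.StopService()
    do {
        Start-Sleep -Seconds 1
        $state = (Get-WmiObject -Class Win32_Service -ComputerName $svc.__SERVER `
                  -Filter "Name='$($svc.Name)'").State
    } while ($state -ne 'Stopped')
    [void]$svc.StartService()
}
```

Run it with -WhatIf first to see the inventory without changing anything. Two things to check before the real run: the StartName filter matches only the DOMAIN\account form, so services configured with the UPN form (svc_app@corp.local) need a second filter; and $newPassword exists only in memory, so it has to be recorded in your password safe as part of the same change, otherwise the next rotation starts with an unknown password. Scheduled tasks that run as the account are a separate pass (schtasks /change /ru /rp on each server) and are the other place the old password survives.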

ScriptLogic recently released Security Explorer 6, which absorbed Service Explorer (which, by the way, can still be licensed as a "Workstation" license of Security Explorer). The service management functionality in Security Explorer automates the entire service account password headache, reducing the job to literally less than a minute of one's time.

So why am I calling IT gluttons for punishment? Because a solution exists that takes away this pain, and yet IT folks today still either ignore the problem or address it manually. 50 licenses of Security Explorer (limited to managing services and tasks on servers only) would cost an IT shop only $200!

As a fellow techie (I've been an MCSE since '94) who knows the pains IT goes through: get a copy of Security Explorer and secure your service accounts.

2 comments:

Klaus Schleiermacher said...

The idea looks great. We have some absent-minded users who never shut down their computers. Currently we use 'shutdown -s' to shut down a limited set of clients, but it isn't what I would call a reliable solution. It requires playing with the force shutdown policy and the Interactive group, and it surely presses users very hard because you cannot guarantee that they will be at their workplaces right when you shut their machines down. So practically it doesn't matter if I set the shutdown timeout to 30 sec or more. Chances are high that if I shut their PCs down on Friday, I'll get several complaints on my desk Monday morning. So what I want to ask here is what your phrase "shutting down inactive users after business hours" actually means. It looks like some of your products can autodiscover user activity. Am I right? If I understood it correctly, that's very interesting. Would you be so kind as to describe it in a bit more detail? Looks like that's what we are interested in. But my chief is a stingy guy and I want to have some arguments for him as to why we need one more new app.
Yeah, Windows 95 was the first OS that fully supported Advanced Power Management 1.1. It was Windows NT 4 that was lacking the Suspend feature.

Nick @ ScriptLogic said...

Klaus -

I think you meant to comment on the Power Management post (http://scriptlogic.blogspot.com/2007/03/there-should-be-some-power-in-your.html). Desktop Authority has an inactivity timer that watches for keyboard and mouse inactivity and can be configured to shut down a PC after a predefined amount of time on any given day (or set of days) you choose. The inactivity timer runs as a service, so no user needs to be at his/her desk to shut down the machine.