Local administrator accounts on computers wield considerable power and must be limited. It is common for domain users to have local administrator rights, or access to the local administrator account itself, and it is common for the same local administrator password to be used across the enterprise. To protect the organisation, disable the local administrator accounts if possible, or at the very least change the default name, use unique, secure passwords, and restrict access unless it is necessary. Assign separate administrator accounts to users where needed for temporary use, and enable auditing on all privileged accounts. Underpin this with management-supported policy. Remember non-Windows systems.
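The following PowerShell script is an added example, not code from the original post: it audits a single Windows host against the points above (built-in administrator enabled, default name still in use, stale password, over-broad membership of the local Administrators group) and, only when run with `-Remediate`, disables or renames the built-in account and turns on account-management and logon auditing. It assumes Windows 10 / Server 2016 or later (for the `Microsoft.PowerShell.LocalAccounts` cmdlets), an elevated session, and that the `$NewAdminName` and `$ExpectedMembers` values are placeholders you replace with your organisation's own.

```powershell
# Added example (not part of the original post). Audit a host's local
# administrator posture; apply the safe fixes only when -Remediate is given.
# Assumes Windows 10 / Server 2016+ and an elevated PowerShell session.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [switch]$Remediate,
    # Placeholder: the organisation's chosen non-default name.
    [string]$NewAdminName = 'la-CHANGEME',
    # Placeholder: principals that are allowed to hold local admin rights.
    [string[]]$ExpectedMembers = @("$env:USERDOMAIN\Domain Admins"),
    [int]$MaxPasswordAgeDays = 30
)

$findings = [System.Collections.Generic.List[string]]::new()

# 1. Locate the built-in Administrator by its well-known RID (500) rather than
#    by name, because the name may already have been changed.
$builtin = Get-LocalUser | Where-Object { $_.SID.Value -like '*-500' }
$ExpectedMembers += "$env:COMPUTERNAME\$($builtin.Name)"

# 2. Disable it if possible.
if ($builtin.Enabled) {
    $findings.Add("Built-in administrator '$($builtin.Name)' is ENABLED")
    if ($Remediate -and $PSCmdlet.ShouldProcess($builtin.Name, 'Disable built-in administrator')) {
        Disable-LocalUser -Name $builtin.Name
    }
}

# 3. At the very least, change the default name (the SID does not change).
if ($builtin.Name -eq 'Administrator') {
    $findings.Add('Built-in administrator still uses the default name')
    if ($Remediate -and $PSCmdlet.ShouldProcess($builtin.Name, "Rename to $NewAdminName")) {
        Rename-LocalUser -Name $builtin.Name -NewName $NewAdminName
    }
}

# 4. Password age as a proxy for password hygiene. Setting a unique password
#    per host is left to a password-management solution such as Windows LAPS.
if ($builtin.PasswordLastSet -and
    $builtin.PasswordLastSet -lt (Get-Date).AddDays(-$MaxPasswordAgeDays)) {
    $findings.Add("Built-in administrator password last set $($builtin.PasswordLastSet)")
}

# 5. Who actually holds local admin rights? Anything outside the expected list
#    (typically individual domain users) is the over-broad access the post warns about.
Get-LocalGroupMember -Group 'Administrators' | ForEach-Object {
    if ($_.Name -notin $ExpectedMembers) {
        $findings.Add("Unexpected member of Administrators: $($_.Name) [$($_.ObjectClass), $($_.PrincipalSource)]")
    }
}

# 6. Auditing on privileged-account activity (Advanced Audit Policy subcategories).
if ($Remediate -and $PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Enable privileged-account auditing')) {
    auditpol /set /subcategory:"User Account Management"   /success:enable /failure:enable | Out-Null
    auditpol /set /subcategory:"Security Group Management" /success:enable /failure:enable | Out-Null
    auditpol /set /subcategory:"Logon"                     /success:enable /failure:enable | Out-Null
}

if ($findings.Count -eq 0) { 'No findings.' } else { $findings }
```

Run it without switches first to see the findings; `-Remediate -WhatIf` shows what would change, and `-Remediate` applies it. Enabling the auditing subcategories is what makes the later use of any remaining admin account visible in the Security log (events 4720-4738 for account and group changes, 4624/4625 for logons), which is the auditing the post asks for on privileged accounts.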
