Roger Abell
Guest
Posted: Wed Dec 22, 2004 7:46 am
Post subject: Re: Service ID Administration

Whether it is appropriate or not to have the account set with
never expiring (and never changed) passwords actually begs
a couple of questions. Appropriate to whom? And what are
the standards, and risk tolerances, of that entity?

I believe you will find that not changing the password on a
regular schedule is a fairly common practice. That does not
mean it is a good (or bad) practice.

If you were to set the password to be intolerably long and
complicated, the probability that it would be cracked becomes
diminishingly small. The issue then is whether the password
is secure from other means of it being discovered by those that
should not have it. Is the password known only to the SCM for
use in starting the service? Or does the service itself internally
need knowledge (and hence have the ability to mishandle the
information), etc.?

--
Roger Abell
Microsoft MVP (Windows Security)
MCSE (W2k3,W2k,Nt4) MCDBA
"miloann2002" <shung@charter.net> wrote in message
news:rMQxd.19888$eW6.14199@fe06.lga...
Quote:
I would like to know what are the industry practices for those service IDs
with administrator privileges. We have a number of these types of IDs and
they are set to never expire. These IDs are those used for backup and other
scheduled automated jobs. Is this appropriate? If not, should they follow
the regular password administration policy?