> Another option is to create a policy
> that prevents them from doing so. If they disobey the policy they loose admin rights.
>
My feeling watching this thread was that a documented policy was the way to go, it doesn't seem like a technical solution will suffice. Many organizations mandate that Domain Admins restrict their own access to specific OUs, Servers etc. that house financial data, or information that must be kept anonymous to comply with Privacy laws. Really the only way to accomplish this is a regular compliance check from a third party like Legal or HR. It should be understood by the Admins in question that serious consequences will follow if they are found to have changed the admin password.
> that prevents them from doing so. If they disobey the policy they loose admin rights.
>
My feeling watching this thread was that a documented policy was the way to go, it doesn't seem like a technical solution will suffice. Many organizations mandate that Domain Admins restrict their own access to specific OUs, Servers etc. that house financial data, or information that must be kept anonymous to comply with Privacy laws. Really the only way to accomplish this is a regular compliance check from a third party like Legal or HR. It should be understood by the Admins in question that serious consequences will follow if they are found to have changed the admin password.
Rob.
------------------------------------------------------------------------
---
------------------------------------------------------------------------
---
[ reply ]