"Herb Martin" <> wrote in message
news:...
> BTW, Does everyone remember (all of) their DC "local admin passwords"?
>
> Good practice says this should NOT be the same as the Domain Admins,
> and probably shouldn't be the same on more than one DC.
>
> Since it is seldom used (if things go right), it is essential to REMEMBER
> the
> DC local password (or even write it down and lock it up.)
>
> --
> Herb Martin
And I might add, the name the Adminsitrator account
was renamed to be. Remember, local security policy
does have an effect on this account in the local SAM.
--
Roger Abell
Microsoft MVP (Windows Server System: Security)
MCSE (W2k3,W2k,Nt4) MCDBA
> "Nettransplant" <> wrote in message
> news:aWVxb.518038$pl3.209492@pd7tw3no...
> > Thanks, clear now.
> >
> > "Herb Martin" <> wrote in message
> > news:%...
> > > "Nettransplant" <> wrote in message
> > > news:RTCxb.510406$6C4.146363@pd7tw1no...
> > > > So, if the administrator on the first DC in the domain is the
default
> > EFS
> > > > recovery agent and
> > > > my office grows to 5 DCs and 100 users with EFS folders all over the
> > place
> > > > for various reasons
> > > > AND I demote the first DC because it is an old PC and tooooo slow
> > > > Where does the EFS recovery keys go?
> > >
> > > It's not the "Adminstator on the first DC" but rather the "first
> > > Administrator
> > > on the Domain".
> > >
> > > DCs don't have local accounts (when operating as DCs), but rather the
> > > administrator
> > > is a domain account.
> > >
> > > (DCs do have a private SAM or local accounts database that is ONLY
> ACTIVE
> > > when they are booted into either the "Recovery Console" or in
"Directory
> > > Services
> > > Restore mode". The admin account there has no domain privileges or
> > > responsibilities,
> > > except maintenance on the DC.)
> > > --
> > > Herb Martin
> > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>
|
Similar Threads
