November 15th, 2005, 11:38 PM
#1
Inactive - but disabled user accounts?
Hello all-
My brain just spun-locked on this one. We are auditing a group that has over 9,000 accounts, but over 6,000 of those accounts are labeled "inactive" and are disabled - no login/shell access. Now, going over our User Account Policies and Standards, we find that this is still a no-no, as avenues such as Social Engineering can be deployed to activate those accounts again, among other avenues of attack; however, IT is battling back with some of the following reasons:
1. Project data needs to be kept under project IDs per project retention requirements
2. Expired user is still an active employee and has not indicated that they want the account removed
3. Samba accounts are locked upon setup
4. Default System accounts are required but can be locked
I can see their logic for some of the above - but 6,000+ accounts - more than double that of their active accounts? Before I go off and club them with the policies and standards, yet again, I wanted to get some opinions from the ever-wise group me'ah. Thoughts please.
Thank you!
"We're the middle children of history.... no purpose or place. We have no Great War, no Great Depression. Our great war is a spiritual war. Our great depression is our lives. We've all been raised by television to believe that one day we'll all be millionaires and movie gods and rock stars -- but we won't. And we're learning slowly that fact. And we're very, very pissed off." - Tyler (Brad Pitt) Fight Club.