6.5. Task 6.5: Secure Administration Using Run As
A fundamental concept behind most operating systems is that a single user should have only a single user account, and that all functions that user is required to perform should be accomplished from that single user account. This is true for all users, except the administrators of the network.
Administrators of the network should have two user accounts: one user account with Administrator privileges, and one user account with nonadministrator privileges.
The highest levels of administrators, which should be a rare few individuals, would have a third account; access to the Administrator account for the domain. This is the default, built-in Administrator account that cannot be locked out on ...