Establish Secure Administration Practices
Security configuration is useless without secure administration practices. An untrustworthy administrator can remove security, or worse, go around security settings and polices. There are two ways to reduce the risk of administrative abuse; both should be used:
Understand that administrators are people and resolve personnel issues.
Apply the security principles of least privilege and separation of duties to secure the administrative role.
Personnel Issues
Just because someone has network or systems administration skills is no guarantee that they know or have the best interests of the company at heart, that they share the company's ethical beliefs, or that they will not change their practices over time. ...
Get Windows Server 2003 Security: A Technical Reference now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.