Admin Tip #39: IPC$ Authentication to Windows NT Servers



It is dangerous to work logged on as administrator constantly. Yeah, yeah, I know. I have argued long and loud against any attempt to restrict my admin access. But let's get real. It's dangerous. Accidents happen. Besides, I might be careless and leave my workstation unprotected while signed on with admin privileges, and in my case I have admin rights on 20+ resource domains. I work in a couple constantly, and in the others less frequently. Talk about Pandora's box. To protect against such an incident, I log onto my PC and to the domain as a normal user. I read my mail and web surf using my normal user account. When I need to run User Manager or Server Manager or move files requiring admin access, I open a command shell and gain admin access to that box, and only that box, using IPC$ admin authentication. For example, I need to add a user to the account domain. To gain admin access to the account domain, I type:

net use \\myaccdomPDC\IPC$ /user:myaccdom\myadminaccount myadminpw

When I finish the admin task of the moment, I type:

net use \\myaccdomPDC\IPC$ /d

which removes my admin access rights. With this mechanism I promote my access to admin, get the job done, then remove the admin-level access rights. When I am working at the admin level, I can pay the appropriate level of attention. It's difficult to do that if one works all day with that level of access. It's a bit of a hassle, but with significant safety built in.

I have scripts to gain access or remove access to the servers I normally work on. If I have already accessed a particular server as a user, there may be a user-level IPC$ connection, which will cause a credentials collision. Eliminate the user-level connection with net use \\machine\ipc$ /d. Occasionally I have to log off as a user and log back in as an admin (probably a couple of times a week). In any case, I drastically reduce the chance of accidentally doing damage compared with doing all my work under an admin account. This method makes me think about the level of access. I can also remove the IPC$ connection when I am through and not be so concerned if I leave the workstation temporarily unsecured. After all, my logon only has normal user access at that time.
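A sketch of such a script, as an added example and not the author's own; the file name ipcadmin.cmd and its argument order are assumptions, and it expects cmd.exe with command extensions enabled. It clears any existing IPC$ connection first to avoid the credentials collision, passes * so that net use prompts for the password instead of taking it on the command line, and removes the connection once the admin task is finished.

```bat
@echo off
rem ipcadmin.cmd (hypothetical name): open an admin-level IPC$ session
rem to one server, hold it while the admin task is done, then drop it.
rem Usage: ipcadmin.cmd <server> <domain\adminaccount>
setlocal

if "%~1"=="" goto usage
if "%~2"=="" goto usage
set "SERVER=%~1"
set "ADMIN=%~2"

rem Remove any existing user-level IPC$ connection to this server.
rem Errors are ignored because there may be no connection to remove.
net use \\%SERVER%\IPC$ /delete >nul 2>&1

rem "*" makes net use prompt for the password, so it never appears
rem in the command history, in a script file, or on the screen.
net use \\%SERVER%\IPC$ /user:%ADMIN% *
if errorlevel 1 goto failed

echo.
echo Admin session to \\%SERVER% is open as %ADMIN%.
echo Run the admin tool now (User Manager, Server Manager, file moves).
echo Press any key here when finished to drop the admin session.
pause >nul

rem Drop the admin-level connection and list what remains so the
rem operator can confirm that no admin session is left behind.
net use \\%SERVER%\IPC$ /delete
net use
goto :eof

:failed
echo Could not open an admin session to \\%SERVER%.
echo If another connection to that server exists (for example a
echo mapped drive), remove it first and try again.
goto :eof

:usage
echo Usage: %~nx0 server domain\adminaccount
goto :eof
```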

This is a good way to avoid performing routine non-admin tasks, such as web surfing and reading email, with too many privileges.


