[ale] Security best practice - Remove or disable user accounts?

Jim Kinney jim.kinney at gmail.com
Thu Aug 7 12:54:27 EDT 2008


Disable for data retention and delete for security reasons.

Best of both: archive the user data onto a backup media AND delete the user
account and existing storage locations other than the archive.

Sysadmins get their account(s) wiped along with other programing types.
Management types get disabled and archived.

Best practice is really what method makes the most sense for the situation.
I use the archive and delete for everything. With *nix systems, it's easy to
deal with the old user data. With windbloze it's a royal PITA.

2008/8/7 Jeff Lightner <jlightner at water.com>

>  At a former job the policy was to disable rather than remove user
> accounts.
>
> However, on checking for "best practices" I don't find any indication why
> this should be and find several references to removing them completely.
>
> Does anyone know of a best practice that explains why disabling would be
> preferable to removing?
>  ----------------------------------
> CONFIDENTIALITY NOTICE: This e-mail may contain privileged or confidential
> information and is for the sole use of the intended recipient(s). If you are
> not the intended recipient, any disclosure, copying, distribution, or use of
> the contents of this information is prohibited and may be unlawful. If you
> have received this electronic transmission in error, please reply
> immediately to the sender that you have received the message in error, and
> delete it. Thank you.
> ----------------------------------
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
>
>


-- 
-- 
James P. Kinney III
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.ale.org/pipermail/ale/attachments/20080807/4c557342/attachment.html 


More information about the Ale mailing list