Yesterday I added a new member to the domain admins group in a company I do work for. Off the cuff I typed up a few comments to send along with the note indicating the access has been granted, thought I would share.
1. Do not share your credentials with anyone. Period.
2. Be scared when using the ID, you can do a lot of damage with it.
3. Have second and third thoughts before changing things.
4. When in GUI applications, if you don’t mean to change things, use CANCEL, not OK to exit dialogs.
5. You can do a lot from your normal userid, prefer to use it over the Domain Admin ID.
6. Try to solve issues without logging interactively into Domain Controllers.
7. If you aren’t sure about something, don’t do it.
8. Ask questions. I much rather hear “I don’t know” than someone try to guess.
Good list.
Reminds me of how I describe having DA creds:
“My first responsibility is to protect the environment – mostly from myself”
Seems as though these should instead be rewritten as interview questions…
I’ve found that “ready…aim…ready…” personalities are more suited to this kind of role than “fire…ready…fire..aim” personalities. Think about what you’re going to do. Why you’re going to do it. The sequence in which you’re going to do it. Then think about it again, and write that down before you do it!
Related, nothing worries me more than overhearing the words “uh oh” from a sysadmin. Including myself.
I really like number 8 So many people are so worried that if they say “I don’t know” that somehow they look stupid or feel their job would be at risk.
In the end people respect you more if you don’t try and blow smoke and BS them.
Wise Words, i want to share my spanish translation
1. No Compartas tus credenciales con nadie. Punto
2. Siente temor al usar tu cuenta. Puedes hacer mucho daño con ella
3. Piénsalo dos y tres veces antes de cambiar cosas
4. Cuando trabajes en aplicaciones gráficas, si no vas a cambiar algo usa CANCEL, no OK para cerrar la ventana
5. Puedes hacer la mayor parte de tu trabajo con tu cuenta de usuario. Prefiere usar tu cuenta de usuario en lugar de la cuenta de administrador de dominio
6. Trata de resolver los problemas sin iniciar sesión interactiva (local o remota) en los Controladores de Dominio
7. Si no estás seguro de algo, NO lo hagas
8. Si no sabes algo, pregunta. Es preferible escuchar a alguien decir “No lo sé” que verlo tratando de adivinar
Great list!
I was amazed to see number 4. I was thinking that I am the only one to prefer Cancel over OK and that it probably looked stupid for other people. It feels right to me, however, and I keep doing it.
I will forward this to my fellows at the IT department 🙂