David Parter wrote:

>>> 3) request for the accounts to be locked, not deleted. I think Security
>>> will scream...
> 
> Security should not scream (but they probably will), as long as you
> develop a specific policy and procedure for this. Security has to secure
> the systems, but they also have to be usable by the end users -- the
> computers, and their data, are for users to get their work done.

In old UNIX parlance, it was regarded as best practice to lock, disable
and otherwise completely neuter and lobotomize an account, but not to
delete it -- else you run the risk of a corner case where a new user
inherits the old UID.

I presume the situation has changed?

Yes, I am aware that Windows uses a SID, which is a much larger value
than the traditional UID/GIDs.

-- 
-- John E. Jasen (jja...@realityfailure.org)
-- No one will sorrow for me when I die, because those who would
-- are dead already. -- Lan Mandragoran, The Wheel of Time, New Spring
_______________________________________________
Discuss mailing list
Discuss@lopsa.org
http://lopsa.org/cgi-bin/mailman/listinfo/discuss
This list provided by the League of Professional System Administrators
 http://lopsa.org/
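
The UID-reuse corner case raised in the message above, as an added example that is not part of the original post: it finds UIDs that still own files but have no passwd entry, and picks a new UID that avoids them. The sample passwd text, file list and all function names are constructed for illustration.

```python
import os

# Constructed sample data: bob (UID 1002) was deleted, his files remain.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1001:1001::/home/alice:/bin/bash
carol:x:1003:1003::/home/carol:/bin/bash
"""
SAMPLE_FILES = [
    ("/home/alice/notes.txt", 1001),
    ("/home/bob/.ssh/authorized_keys", 1002),
    ("/srv/projects/payroll.db", 1002),
    ("/home/carol/todo", 1003),
]

def passwd_uids(passwd_text):
    """Return {uid: login} parsed from passwd(5)-format text."""
    uids = {}
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 3 and fields[2].isdigit():
            uids.setdefault(int(fields[2]), fields[0])
    return uids

def walk_owners(root):
    """Yield (path, uid) for each entry under root; symlinks are not followed."""
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            yield path, os.lstat(path).st_uid

def orphaned(files, uids):
    """Map each UID with no passwd entry to the paths it still owns."""
    result = {}
    for path, uid in files:
        if uid not in uids:
            result.setdefault(uid, []).append(path)
    return result

def next_safe_uid(uids, orphans, start=1000):
    """Lowest UID >= start that is neither assigned nor still owning files."""
    uid = start
    while uid in uids or uid in orphans:
        uid += 1
    return uid

if __name__ == "__main__":
    orphans = orphaned(SAMPLE_FILES, passwd_uids(SAMPLE_PASSWD))
    print(orphans, next_safe_uid(passwd_uids(SAMPLE_PASSWD), orphans, 1001))
```

On a live system, feed `orphaned()` from `walk_owners("/")` and the contents of `/etc/passwd` instead of the sample data; an allocator that ignores the orphan map would hand out 1002 here and give the new user bob's `authorized_keys`.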
