General security best practices
Sometimes we need only to rely on ourselves, and not necessarily on functionality provided by the OS, to secure our systems. There are many common-sense approaches to administratorship (it's kind of fun being behind this keyboard: I get to make up new words all day long) that are easy to accomplish but are rarely used in the field.
The following are a few tips and tricks that I have learned over the years and have helped companies implement. Hopefully, you as the reader have even more to add to this list as to what works well for you, but if nothing else this section is intended to jog your thinking into finding creative ways with which you can limit administrative capability and vulnerability within your network.
Getting rid of perpetual administrators
Do all of your IT staff have domain admin rights the day they are hired? Do any of your IT staff have access to the built-in domain administrator account password? Do you have regular users whose logins...