I'm currently working on separating my admin access using an encrypted VM on my daily workstation. I'm curious about how others implement this. Do you log into your admin workstation with your admin account or do you stick to your daily user account? If you use your daily account, do you manage this by having different browser profiles and minimizing your daily account's use? Additionally, do you maintain separate password vaults for your daily and admin activities?
5 Answers
My approach is pretty strict. I don’t let my daily user account have any special access, which can be a pain sometimes because it limits me from accessing some basic internal documents. I use a separate PC just for admin tasks that’s on a management VLAN and secured with MFA.
For managing multiple Azure tenants, I’ve switched to using different profiles in Edge, which works great. It’s a lot simpler than using different browsers, especially since I can handle multiple admin accounts without much hassle.
Yeah, it's really straightforward to keep things separate. For daily tasks, you shouldn’t have any admin privileges at all. If you need to log in as an admin, just open a browser or tool as that user specifically.
I really recommend keeping separate accounts. It’s just standard practice now. I’ve been doing this for over 25 years, and while it felt annoying at first, it’s second nature now. Using tools like sudo or runas isn’t hard either. It's especially important for teams that need to log into production servers; at least you can audit what’s done and by whom.
One good practice is to run your daily and admin tasks on completely different VMs. Even if your daily VM gets compromised, it can help safeguard your admin activities on a separate one. Some might find it a bit over the top, but it's a solid way to add layers of security.