Types of Accounts and Their Uses
...
The use of NetID accounts is limited to non-privileged user activities such as accessing email, file shares, web browsers, workstations, and non-privileged application access. These accounts will not be granted administrative privileges on hosts or used to authenticate services or applications to Active Directory or LDAP 389.
Administrative Account
All users who have elevated access to a system or service will have one secondary account used solely for tasks that require greater administrative access. These accounts will be created and maintained in the OU Admin in Active Directory and can only be acted on by Domain Admins. In 389 these accounts are stored in the OU People and access is restricted to System Admins.
...
The password for this account must follow the Network Password Requirements and cannot be the same as the password for your personal account. If available, the account and password should be stored in the University Controlled Password Manager.
Vendor Account
A vendor account can be requested for a vendor only after a contract is in place. The account will follow the naming convention as established in the Privileged Access Standard and is limited to non-privileged user activities such as using the University VPN. These accounts will be created and maintained in the OU Generic in Active Directory, and in People for 389.
Vendor Privileged Account
If the vendor will be doing work that requires privileged access, they will be required to use a vendor administrative account that follows the established Privileged Access Standard. The account should be used only for the purpose for which it was created. It will be stored in the OU Admin and can only be acted on by Domain Admins.
Non-personal Accounts
A non-personal account is created for a service, application or a group to gain access to a resource. The manager and/or owner of the account is responsible for the use of the account and for administrative responsibilities such as responding to renewals when necessary.
...
Generic accounts will not be granted administrative privileges to any system and must not be used to authenticate services or applications to Active Directory or LDAP 389.
Event Access Account
An event access account is an account that is shared by a group to access resources, such as file shares, web browsers and workstations, for a short predefined period of time.
Event access accounts will not be granted administrative privileges to any system and must not be used to authenticate services or applications to Active Directory or LDAP 389.
Account Type Overview
Type of Account | Used to gain Privileged Access | Password Storage | Password | Used to authenticate a service or application for Directory Services |
---|---|---|---|---|
NetID Account | No | User's discretion to keep the password private and secure | Personal | No |
Administrative Account | Yes | Enterprise Password Management solution | Personal | No |
Vendor Account | No | User's discretion to keep the password private and secure | Personal | No |
Privileged Vendor Account | Yes | Enterprise Password Management solution | Personal | No |
Service Account | Yes | Enterprise Password Management solution | non-Personal | Yes |
Departmental Account | No | User's discretion to keep the password private and secure | non-Personal | No |
Generic Account | No | User's discretion to keep the password private and secure | Personal | No |
Event Access Account | No | User's discretion to keep the password private and secure | non-Personal | No |
...