How best to control Junior Admins
Home > IT Answers > Security > How best to control Junior Admins
Pandub
115 pts.
0
Q:
How best to control Junior Admins
Administrative privileges, Windows Server 2003, Network administrators, IT staff, Junior Network Administrators
Hi all,

Need to give new member of team Admin rights, but I'd like to know how you all manage your junior admins? I'd like to give restricted rights and have an audit trail.

Environments in Use;
- Window server 2003 and Active Directory
- Vmware ESX + vcentre
- Lotus Domino + Notes

I guess most of it comes down to AD!

Thanks
Paul
ASKED: Jun 2 2009  10:51 PM GMT
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
RELATED QUESTIONS
0
Aguacer0
2815 pts.
0
A:
 RATE THIS ANSWER
0
Click to Vote:
  •   0
  •  0
  • AddThis Social Bookmark Button
You would recommend using of both a security group (e.g. Junior Admins), assign those personnel in this membership, and then create a group policy with those permissions. Then assign this group policy to this security group. As per the auditing, You can use the built-in auditing within windows with some modifications. Or you can use a product like Active Administrator.

Within ESX, you cause modify the authentication mechanism to utilize Active Directory. Here's the pdf link to enable that: http://www.vmware.com/vmtn/resources/582

Lotus Domino & Notes (not familiar with) should be able to utilize AD which can then be audited by Active Administrator.
Last Answered: Jun 4 2009  4:57 PM GMT by Aguacer0   2815 pts.
  •   
0
0
RSS - Discussions Help
Discuss This Answer:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _



_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

BlankReg   11280 pts.  |   Jun 2 2009  11:37PM GMT

A large stick and threats of physical violence works for me. “You break my network, I break your fingers” ;-)

Also the words “If you don’t know how to do it, ASK” - That is how we all learn. And make regular backups !

 

Pjb0222   1110 pts.  |   Jun 3 2009  4:58PM GMT

Hi.

Here are the documents and procedures on administering the systems. All changes are logged. Access to the local administrator account password is for emergencies only and is logged (it is also changed 4 hours after the password is retrieved).

If you don’t know how to do something or are unclear on procedure, ask. Nothing goes to production without successfully going through test.

The first minor oops is free. Second oops or major oops get you…

So far as learning and testing? That is why there are test and engineering environments.

Here is your administrative IDs for each environment and initial passwords. Change the passwords now.

 
0