Results 1 to 2 of 2
  1. #1
    3 Star Lounger
    Join Date
    Apr 2002
    Thanked 0 Times in 0 Posts

    Server Privileges


    I administer a Windows 2003 domain and I have application teams (such as Lotus Notes administration and the Legato backup team) who need to log onto various servers with adequate rights. My concern is that I do not want them to have full local admin rights to the servers (as they currently do) especially since I have no idea what level of expertise these people are. Indeed this all came to a head recently when one of our Lotus Notes team changed the IP address on a server (something I tightly control) and caused a whole raft of issues.

    Essentially what I need to do is allow teams to administer their applications but not be able to do anything much else, I want to try an institute some kind of change control on them and the easiest way to do that is stop them doing anything they shouldn't without our approval and we will document the changes.

    I accept, of course, that these teams need access to the servers, I just want an easy way to limit them ... I'd prefer this to be at the domain level (I tried adding a test user to the Remote Desktop Users group in Active Directory Users and Computers but it didn't allow the user to log on to a member server using TS) but if I have to do it on each system as it is added then so be it.

    Any help appreciated [img]/forums/images/smilies/smile.gif[/img]


  2. #2
    5 Star Lounger
    Join Date
    Nov 2004
    Wilmington, North Carolina, USA
    Thanked 0 Times in 0 Posts

    Re: Server Privileges

    TS and remote desktop are two different things...

    What exactly would they have to do whilst 'administering their own applications'? I'm assuming they wouldn't have to install/remove....why not create a group or even set them as power users?
    "If you spend more on coffee than on IT security, then you will be hacked. What's more, you deserve to be hacked." -Richard Clarke

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts