Solved

Controlling IT staff with Administrative access

Posted on 2004-09-30
6
229 Views
Last Modified: 2013-12-04
Our IT department has four staff, all have admin access to the servers.

Recently, a staff member put a user in the admin group, when confronted he denied doing it.... because the servers are always logged on as admin there is no way to trace it back.....

Is there a better way to controll access to servers via the admin user

Thanks
0
Comment
Question by:n_athen
  • 2
6 Comments
 
LVL 4

Expert Comment

by:novacopy
ID: 12191579
i would change the admin password and not tell them. then set a screensaver to have a password so whenever they need access they will have to use their own login info to unlock the server and log off the last user. maybe you should look at putting a "key logger" on the server so you can have everything that was done monitored.
0
 
LVL 4

Expert Comment

by:novacopy
ID: 12191582
not the best advise but just a suggestion
0
 
LVL 95

Accepted Solution

by:
Lee W, MVP earned 250 total points
ID: 12191809
Some things can be nearly impossible to trace.  Look into enabling auditing on the servers (not necessarily file auditing, but auditing of users' use of security privilages).  In addition, create admin accounts for each user that needs admin access.  For example, in my last corporate position I setup the 10 people who needed admin access with accounts such as jbadmin and mkadmin (initials-admin).  You could also just create accounts such as jsmith-adm.  Their regular accounts get no special privilages, and the only admin account they know is the adm/admin account assigned to them.  Then you have to make sure everyone starts taking responsibility by logging off the servers when they are done - and locking the screens if they step away for a few minutes.
0

Featured Post

Live: Real-Time Solutions, Start Here

Receive instant 1:1 support from technology experts, using our real-time conversation and whiteboard interface. Your first 5 minutes are always free.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Permission issue? 10 67
Recommended frequency / cycle of applying MS & Oracle security patches 3 67
should I worry about this? 6 97
Using cipher to decrypt files. 4 69
In a recent article here at Experts Exchange (http://www.experts-exchange.com/articles/18880/PaperPort-14-in-Windows-10-A-First-Look.html), I discussed my nine-month sandbox testing of the Windows 10 Technical Preview, specifically with respect to r…
Our Group Policy work started with Small Business Server in 2000. Microsoft gave us an excellent OU and GPO model in subsequent SBS editions that utilized WMI filters, OU linking, and VBS scripts. These are some of experiences plus our spending a lo…
This Micro Tutorial will give you a basic overview how to record your screen with Microsoft Expression Encoder. This program is still free and open for the public to download. This will be demonstrated using Microsoft Expression Encoder 4.
In this video I am going to show you how to back up and restore Office 365 mailboxes using CodeTwo Backup for Office 365. Learn more about the tool used in this video here: http://www.codetwo.com/backup-for-office-365/ (http://www.codetwo.com/ba…

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now