Solved

Controlling IT staff with Administrative access

Posted on 2004-09-30
6
226 Views
Last Modified: 2013-12-04
Our IT department has four staff, all have admin access to the servers.

Recently, a staff member put a user in the admin group, when confronted he denied doing it.... because the servers are always logged on as admin there is no way to trace it back.....

Is there a better way to controll access to servers via the admin user

Thanks
0
Comment
Question by:n_athen
  • 2
6 Comments
 
LVL 4

Expert Comment

by:novacopy
ID: 12191579
i would change the admin password and not tell them. then set a screensaver to have a password so whenever they need access they will have to use their own login info to unlock the server and log off the last user. maybe you should look at putting a "key logger" on the server so you can have everything that was done monitored.
0
 
LVL 4

Expert Comment

by:novacopy
ID: 12191582
not the best advise but just a suggestion
0
 
LVL 95

Accepted Solution

by:
Lee W, MVP earned 250 total points
ID: 12191809
Some things can be nearly impossible to trace.  Look into enabling auditing on the servers (not necessarily file auditing, but auditing of users' use of security privilages).  In addition, create admin accounts for each user that needs admin access.  For example, in my last corporate position I setup the 10 people who needed admin access with accounts such as jbadmin and mkadmin (initials-admin).  You could also just create accounts such as jsmith-adm.  Their regular accounts get no special privilages, and the only admin account they know is the adm/admin account assigned to them.  Then you have to make sure everyone starts taking responsibility by logging off the servers when they are done - and locking the screens if they step away for a few minutes.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This is a guide to the following problem (not exclusive but here) on Windows: Users need our support and we supporters often use global administrative accounts to do this. Using these accounts safely is a real challenge. Any admin who takes se…
Users of Windows 10 Professional can disable automatic reboots using the policy editor. This tool is not included in the Windows home edition. But don't worry! Follow the instructions below to install (a Win7) policy editor on your Windows 10 Home e…
Video by: Mark
This lesson goes over how to construct ordered and unordered lists and how to create hyperlinks.
Many functions in Excel can make decisions. The most simple of these is the IF function: it returns a value depending on whether a condition you describe is true or false. Once you get the hang of using the IF function, you will find it easier to us…

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now