Solved

Controlling IT staff with Administrative access

Posted on 2004-09-30
6
231 Views
Last Modified: 2013-12-04
Our IT department has four staff, all have admin access to the servers.

Recently, a staff member put a user in the admin group, when confronted he denied doing it.... because the servers are always logged on as admin there is no way to trace it back.....

Is there a better way to controll access to servers via the admin user

Thanks
0
Comment
Question by:n_athen
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
6 Comments
 
LVL 4

Expert Comment

by:novacopy
ID: 12191579
i would change the admin password and not tell them. then set a screensaver to have a password so whenever they need access they will have to use their own login info to unlock the server and log off the last user. maybe you should look at putting a "key logger" on the server so you can have everything that was done monitored.
0
 
LVL 4

Expert Comment

by:novacopy
ID: 12191582
not the best advise but just a suggestion
0
 
LVL 95

Accepted Solution

by:
Lee W, MVP earned 250 total points
ID: 12191809
Some things can be nearly impossible to trace.  Look into enabling auditing on the servers (not necessarily file auditing, but auditing of users' use of security privilages).  In addition, create admin accounts for each user that needs admin access.  For example, in my last corporate position I setup the 10 people who needed admin access with accounts such as jbadmin and mkadmin (initials-admin).  You could also just create accounts such as jsmith-adm.  Their regular accounts get no special privilages, and the only admin account they know is the adm/admin account assigned to them.  Then you have to make sure everyone starts taking responsibility by logging off the servers when they are done - and locking the screens if they step away for a few minutes.
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Nessus Scan 1 75
Endpoint security products 4 81
Windows Defender struggles to check for updates. 9 57
Botnet detection help me please 21 150
In today's information driven age, entrepreneurs have so many great tools and options at their disposal to help turn good ideas into a thriving business. With cloud-based online services, such as Amazon's Web Services (AWS) or Microsoft's Azure, bus…
OfficeMate Freezes on login or does not load after login credentials are input.
In an interesting question (https://www.experts-exchange.com/questions/29008360/) here at Experts Exchange, a member asked how to split a single image into multiple images. The primary usage for this is to place many photographs on a flatbed scanner…

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question