Solved

Administrator Account

Posted on 2006-10-25
8
214 Views
Last Modified: 2010-03-19
I am a network administrator along with 2 other guys in my organization. We all use the same administrator account. We are a small group and one of the other 2 guys are believed to be going into private shares on the network because they have full control. I know we can setup seperate accounts for each of us. Is there a way to make each admin a lower grade admin so they can install software and that sort of thing but not be able to have access to view files on specific shares?
0
Comment
Question by:eli290
8 Comments
 
LVL 15

Expert Comment

by:Naser Gabaj
ID: 17803452
Greetings eli290,

I assume you are in domain LAN not Workgroup.
Make them Administrator only on thier machine but not domain admins, which is the highest level in the domain. and as for you get domain admin

Good Luck!
Naser
0
 

Author Comment

by:eli290
ID: 17803470
we are on a domain LAN but i need this to be access on the domain to install software etc.. on other peoples PC's
0
 
LVL 14

Expert Comment

by:Juan Ocasio
ID: 17803484
You could also make them a member of power user which should allow to do most installs.

jocasio
0
Portable, direct connect server access

The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

 
LVL 12

Expert Comment

by:Chris Staunton
ID: 17803530
You could also micro manage those special shares and remove the Domain Admins group from those shares so that the group Domain Admins doesn't have rights and assign just a specific admin rights to that group for management of files/folders on the share.


Hope that helps,


Shoota
0
 
LVL 77

Accepted Solution

by:
Rob Williams earned 500 total points
ID: 17803548
If they need to be  domain admin you have a problem.
By default private shares are owned by the Administrators account. You can remove this by making either the user the owner, or a specific admin the owner, and then remove the administrators group as having permission to access the files. This will block them from accessing, however as domain admins there is nothing to keep them from taking ownership. You should probably give them their own domain admin account rather than the default, and then enable security logging to see who is going where.
0
 

Author Comment

by:eli290
ID: 17803578
How would we enable security logging?
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 17803702
Minor change in group policy will enable. Have look at the following MS article regarding enabling and tracking users:
http://support.microsoft.com/kb/814595
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 17804414
Thanks eli290,
--Rob
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Short answer to this question: there is no effective WiFi manager in iOS devices as seen in Windows WiFi or Macbook OSx WiFi management, but this article will try and provide some amicable solutions to better suite your needs.
I had an issue with InstallShield not being able to use Computer Browser service on Windows Server 2012. Here is the solution I found.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question