?
Solved

Administrator Account

Posted on 2006-10-25
8
Medium Priority
?
219 Views
Last Modified: 2010-03-19
I am a network administrator along with 2 other guys in my organization. We all use the same administrator account. We are a small group and one of the other 2 guys are believed to be going into private shares on the network because they have full control. I know we can setup seperate accounts for each of us. Is there a way to make each admin a lower grade admin so they can install software and that sort of thing but not be able to have access to view files on specific shares?
0
Comment
Question by:eli290
8 Comments
 
LVL 15

Expert Comment

by:Naser Gabaj
ID: 17803452
Greetings eli290,

I assume you are in domain LAN not Workgroup.
Make them Administrator only on thier machine but not domain admins, which is the highest level in the domain. and as for you get domain admin

Good Luck!
Naser
0
 

Author Comment

by:eli290
ID: 17803470
we are on a domain LAN but i need this to be access on the domain to install software etc.. on other peoples PC's
0
 
LVL 15

Expert Comment

by:Juan Ocasio
ID: 17803484
You could also make them a member of power user which should allow to do most installs.

jocasio
0
Free Backup Tool for VMware and Hyper-V

Restore full virtual machine or individual guest files from 19 common file systems directly from the backup file. Schedule VM backups with PowerShell scripts. Set desired time, lean back and let the script to notify you via email upon completion.  

 
LVL 12

Expert Comment

by:Chris Staunton
ID: 17803530
You could also micro manage those special shares and remove the Domain Admins group from those shares so that the group Domain Admins doesn't have rights and assign just a specific admin rights to that group for management of files/folders on the share.


Hope that helps,


Shoota
0
 
LVL 78

Accepted Solution

by:
Rob Williams earned 2000 total points
ID: 17803548
If they need to be  domain admin you have a problem.
By default private shares are owned by the Administrators account. You can remove this by making either the user the owner, or a specific admin the owner, and then remove the administrators group as having permission to access the files. This will block them from accessing, however as domain admins there is nothing to keep them from taking ownership. You should probably give them their own domain admin account rather than the default, and then enable security logging to see who is going where.
0
 

Author Comment

by:eli290
ID: 17803578
How would we enable security logging?
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 17803702
Minor change in group policy will enable. Have look at the following MS article regarding enabling and tracking users:
http://support.microsoft.com/kb/814595
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 17804414
Thanks eli290,
--Rob
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Unable to change the program that handles the scan event from a network attached Canon/Brother printer/scanner. This means you'll always have to choose which program handles this action, e.g. ControlCenter4 (in the case of a Brother).
This article will show you step-by-step instructions to build your own NTP CentOS server.  The network diagram shows the best practice to setup the NTP server farm for redundancy.  This article also serves as your NTP server documentation.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question