Solved

Help Desk User Account

Posted on 2006-10-27
Last Modified: 2010-04-11
Hello,

I am starting to set up delegation and restrict access for our Help Desk Personnel.  In the past our Help Desk Users had full administrative rights.  We are now wanting to restrict that but are running into issues.  I am thinking of creating a Domain Admin account for the Help Desk employees, but I want to limit the logon to Client PCs only and restrict access to our Servers.  What is the easiest way to do this?  What does everyone recommend?  Maybe a Domain Admin Account is not the way to go.  I am open to all suggestions.

How is everyone else setting up their Help Desk Personnel so they can still adequately do their job?

I have delegated permissions in AD so the Help Desk Personnel can complete AD Tasks.
0
Question by:Jason Carlson
 
LVL 9

Expert Comment

by:crawfordits
ID: 17822887
In the properties of their account in AD, restrict them only to the PCs that you want them to log in to.  If you are talking about file level access, I would not make them a domain admin.
0
 

Author Comment

by:Jason Carlson
ID: 17829137
Thanks... I thought about this solution.  But I want to be able to have the Help Desk Technician Access all Client Computers and Client Computers Joined to the Domain.  I thought it may be easier to create a group policy and Deny them access to certain servers.


Thanks
0
 
LVL 9

Accepted Solution

by:
crawfordits earned 50 total points
ID: 17831169
Edit the server local machine policy and deny log on locally.
0
 

Author Comment

by:Jason Carlson
ID: 17834040
So how would you recommend doing this?  Log on to all the servers and edit the Local Policy?  Move all servers into the same OU and apply a new Group Policy to the Servers OU?  What about the Domain Controllers with the Default Domain Policy and Default Domain Controller Policy?  Lastly, should we not deny access to this computer from the network as well?
0
 
LVL 3

Expert Comment

by:JRockSolid
ID: 17839771
Put them on a VLAN and use the firewall to restrict access to those servers from their network.  Would be ideal if you had the hardware necessary, in my opinion.
0
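
Added example, not part of any post in this thread: a PowerShell check that a server's exported user-rights assignment denies a Help Desk group the logon rights discussed above (deny log on locally, deny access to this computer from the network), plus the Remote Desktop deny right, which the thread does not mention. The function name, the SID and the INF text are constructed for illustration; the input format is that of a `secedit` USER_RIGHTS export.

```powershell
# Added example. The SID and the INF text below are constructed sample values.
# On a real server, produce the input with:
#   secedit /export /cfg C:\Temp\rights.inf /areas USER_RIGHTS
#   $text = Get-Content C:\Temp\rights.inf -Raw

function Test-DenyLogonRights {
    param(
        [Parameter(Mandatory)] [string] $InfText,
        [Parameter(Mandatory)] [string] $GroupSid
    )
    # Deny rights to verify: the two named in the thread, plus the RDP logon right.
    $wanted = [ordered]@{
        SeDenyInteractiveLogonRight       = 'Deny log on locally'
        SeDenyNetworkLogonRight           = 'Deny access to this computer from the network'
        SeDenyRemoteInteractiveLogonRight = 'Deny log on through Terminal/Remote Desktop Services'
    }
    # Parse only the [Privilege Rights] section; entries are "*SID" or account names.
    $rights = @{}
    $inSection = $false
    foreach ($line in $InfText -split "`r?`n") {
        $line = $line.Trim()
        if ($line -match '^\[(.+)\]$') { $inSection = ($Matches[1] -eq 'Privilege Rights'); continue }
        if ($inSection -and $line -match '^(\w+)\s*=\s*(.*)$') {
            $rights[$Matches[1]] = @($Matches[2] -split ',' |
                ForEach-Object { $_.Trim().TrimStart('*') } | Where-Object { $_ })
        }
    }
    # A right that is absent from the export is assigned to nobody, so it counts as missing.
    foreach ($name in $wanted.Keys) {
        [pscustomobject]@{
            Right    = $name
            Setting  = $wanted[$name]
            Assigned = ($rights.ContainsKey($name) -and $rights[$name] -contains $GroupSid)
        }
    }
}

# Constructed sample export: the network deny right has not been configured.
$sampleInf = @'
[Unicode]
Unicode=yes
[Privilege Rights]
SeNetworkLogonRight = *S-1-5-11,*S-1-5-32-544
SeDenyInteractiveLogonRight = *S-1-5-21-1111111111-2222222222-3333333333-1605
SeDenyRemoteInteractiveLogonRight = *S-1-5-32-546,*S-1-5-21-1111111111-2222222222-3333333333-1605
[Version]
signature="$CHICAGO$"
'@
$helpDeskSid = 'S-1-5-21-1111111111-2222222222-3333333333-1605'  # constructed group SID
Test-DenyLogonRights -InfText $sampleInf -GroupSid $helpDeskSid | Format-Table -AutoSize
```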
