Help Desk User Account
Hello,
I am starting to setup delegation and restricting access for our Help Desk Personal. In the past our Help Desk Users had full administrative rights. We are now wanting to restrict that but are running into issues. I am thinking of creating a Domain Admin account for the Help Desk employees but I want to limit the logon only to Client PC's and restricting access to our Servers. What is the easiest way to do this? What does everyone recommend? Maybe a Domain Admin Account is not the way to go. I am open to all suggestions.
How is everyone else setting up there Help Desk Personal so they can still adequatley do there job.
I have delegated permissions in AD so the Help Desk Personal complete AD Tasks.
I am starting to setup delegation and restricting access for our Help Desk Personal. In the past our Help Desk Users had full administrative rights. We are now wanting to restrict that but are running into issues. I am thinking of creating a Domain Admin account for the Help Desk employees but I want to limit the logon only to Client PC's and restricting access to our Servers. What is the easiest way to do this? What does everyone recommend? Maybe a Domain Admin Account is not the way to go. I am open to all suggestions.
How is everyone else setting up there Help Desk Personal so they can still adequatley do there job.
I have delegated permissions in AD so the Help Desk Personal complete AD Tasks.
In the properties of their account in AD, restrict them only to the PCs that you want them to login to. If you are talking about file level access, I would not make them a domain admin.
ASKER
Thanks... I thought about this solution. But I want to be able to have the Help Desk Technician Access all Client Computers and Client Computers Joined to the Domain. I thought it may be easier to create a group policy and Deny them access to certain servers.
Thanks
Thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
So how would you recommend doing this? Logon to all the servers and edit the Local Policy? Move all servers into the Same OU and apply a new Group Policy to the Servers OU? What about the Domain Controllers with the Default Domain Policy and Default Domain Controller Policy? Lastly should we not deny access to this computer from the network as well?
Put them on a VLAN and use the Firewal to restrict access to those servers from there network. Would be ideal if you had the hardware necessary in my opinion.