?
Solved

Help Desk User Account

Posted on 2006-10-27
5
Medium Priority
?
317 Views
Last Modified: 2010-04-11
Hello,

I am starting to setup delegation and restricting access for our Help Desk Personal.  In the past our Help Desk Users had full administrative rights.  We are now wanting to restrict that but are running into issues.  I am thinking of creating a Domain Admin account for the Help Desk employees but I want to limit the logon only to Client PC's and restricting access to our Servers.  What is the easiest way to do this?  What does everyone recommend?  Maybe a Domain Admin Account is not the way to go.  I am open to all suggestions.  

How is everyone else setting up there Help Desk Personal so they can still adequatley do there job.  

I have delegated permissions in AD so the Help Desk Personal complete AD Tasks.
0
Comment
Question by:Jason Carlson
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 9

Expert Comment

by:crawfordits
ID: 17822887
In the properties of their account in AD, restrict them only to the PCs that you want them to login to.  If you are talking about file level access, I would not make them a domain admin.
0
 

Author Comment

by:Jason Carlson
ID: 17829137
Thanks... I thought about this solution.  But I want to be able to have the Help Desk Technician Access all Client Computers and Client Computers Joined to the Domain.  I thought it may be easier to create a group policy and Deny them access to certain servers.


Thanks
0
 
LVL 9

Accepted Solution

by:
crawfordits earned 150 total points
ID: 17831169
Edit the server local machine policy and deny log on locally.
0
 

Author Comment

by:Jason Carlson
ID: 17834040
So how would you recommend doing this?  Logon to all the servers and edit the Local Policy?  Move all servers into the Same OU and apply a new Group Policy to the Servers OU?  What about the Domain Controllers with the Default Domain Policy and Default Domain Controller Policy?  Lastly should we not deny access to this computer from the network as well?  
0
 
LVL 3

Expert Comment

by:JRockSolid
ID: 17839771
Put them on a VLAN and use the Firewal to restrict access to those servers from there network.  Would be ideal if you had the hardware necessary in my opinion.
0

Featured Post

Cyber Threats to Small Businesses (Part 2)

The evolving cybersecurity landscape presents SMBs with a host of new threats to their clients, their data, and their bottom line. In part 2 of this blog series, learn three quick processes Webroot’s CISO, Gary Hayslip, recommends to help small businesses beat modern threats.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There is a lot to be said for protecting yourself and your accounts with 2 factor authentication.  I found to my own chagrin, that there is a big downside as well.
If you're a modern-day technology professional, you may be wondering if certifications are really necessary. They are. Here's why.
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question