Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 322
  • Last Modified:

Help Desk User Account

Hello,

I am starting to setup delegation and restricting access for our Help Desk Personal.  In the past our Help Desk Users had full administrative rights.  We are now wanting to restrict that but are running into issues.  I am thinking of creating a Domain Admin account for the Help Desk employees but I want to limit the logon only to Client PC's and restricting access to our Servers.  What is the easiest way to do this?  What does everyone recommend?  Maybe a Domain Admin Account is not the way to go.  I am open to all suggestions.  

How is everyone else setting up there Help Desk Personal so they can still adequatley do there job.  

I have delegated permissions in AD so the Help Desk Personal complete AD Tasks.
0
Jason Carlson
Asked:
Jason Carlson
  • 2
  • 2
1 Solution
 
crawforditsCommented:
In the properties of their account in AD, restrict them only to the PCs that you want them to login to.  If you are talking about file level access, I would not make them a domain admin.
0
 
Jason CarlsonAuthor Commented:
Thanks... I thought about this solution.  But I want to be able to have the Help Desk Technician Access all Client Computers and Client Computers Joined to the Domain.  I thought it may be easier to create a group policy and Deny them access to certain servers.


Thanks
0
 
crawforditsCommented:
Edit the server local machine policy and deny log on locally.
0
 
Jason CarlsonAuthor Commented:
So how would you recommend doing this?  Logon to all the servers and edit the Local Policy?  Move all servers into the Same OU and apply a new Group Policy to the Servers OU?  What about the Domain Controllers with the Default Domain Policy and Default Domain Controller Policy?  Lastly should we not deny access to this computer from the network as well?  
0
 
JRockSolidCommented:
Put them on a VLAN and use the Firewal to restrict access to those servers from there network.  Would be ideal if you had the hardware necessary in my opinion.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Managing Security & Risk at the Speed of Business

Gartner Research VP, Neil McDonald & AlgoSec CTO, Prof. Avishai Wool, discuss the business-driven approach to automated security policy management, its benefits and how to align security policy management with business processes to address today's security challenges.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now