Solved

Help Desk User Account

Posted on 2006-10-27
5
315 Views
Last Modified: 2010-04-11
Hello,

I am starting to setup delegation and restricting access for our Help Desk Personal.  In the past our Help Desk Users had full administrative rights.  We are now wanting to restrict that but are running into issues.  I am thinking of creating a Domain Admin account for the Help Desk employees but I want to limit the logon only to Client PC's and restricting access to our Servers.  What is the easiest way to do this?  What does everyone recommend?  Maybe a Domain Admin Account is not the way to go.  I am open to all suggestions.  

How is everyone else setting up there Help Desk Personal so they can still adequatley do there job.  

I have delegated permissions in AD so the Help Desk Personal complete AD Tasks.
0
Comment
Question by:Jason Carlson
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 9

Expert Comment

by:crawfordits
ID: 17822887
In the properties of their account in AD, restrict them only to the PCs that you want them to login to.  If you are talking about file level access, I would not make them a domain admin.
0
 

Author Comment

by:Jason Carlson
ID: 17829137
Thanks... I thought about this solution.  But I want to be able to have the Help Desk Technician Access all Client Computers and Client Computers Joined to the Domain.  I thought it may be easier to create a group policy and Deny them access to certain servers.


Thanks
0
 
LVL 9

Accepted Solution

by:
crawfordits earned 50 total points
ID: 17831169
Edit the server local machine policy and deny log on locally.
0
 

Author Comment

by:Jason Carlson
ID: 17834040
So how would you recommend doing this?  Logon to all the servers and edit the Local Policy?  Move all servers into the Same OU and apply a new Group Policy to the Servers OU?  What about the Domain Controllers with the Default Domain Policy and Default Domain Controller Policy?  Lastly should we not deny access to this computer from the network as well?  
0
 
LVL 3

Expert Comment

by:JRockSolid
ID: 17839771
Put them on a VLAN and use the Firewal to restrict access to those servers from there network.  Would be ideal if you had the hardware necessary in my opinion.
0

Featured Post

Retailers - Is your network secure?

With the prevalence of social media & networking tools, for retailers, reputation is critical. Have you considered the impact your network security could have in your customer's experience? Learn more in our Retail Security Resource Kit Today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
Liquid Web and Plesk discuss how to simplify server management with a single tool  in their webinar.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Suggested Courses

687 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question