Solved

Help Desk User Account

Posted on 2006-10-27
5
313 Views
Last Modified: 2010-04-11
Hello,

I am starting to setup delegation and restricting access for our Help Desk Personal.  In the past our Help Desk Users had full administrative rights.  We are now wanting to restrict that but are running into issues.  I am thinking of creating a Domain Admin account for the Help Desk employees but I want to limit the logon only to Client PC's and restricting access to our Servers.  What is the easiest way to do this?  What does everyone recommend?  Maybe a Domain Admin Account is not the way to go.  I am open to all suggestions.  

How is everyone else setting up there Help Desk Personal so they can still adequatley do there job.  

I have delegated permissions in AD so the Help Desk Personal complete AD Tasks.
0
Comment
Question by:Jason Carlson
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 9

Expert Comment

by:crawfordits
ID: 17822887
In the properties of their account in AD, restrict them only to the PCs that you want them to login to.  If you are talking about file level access, I would not make them a domain admin.
0
 

Author Comment

by:Jason Carlson
ID: 17829137
Thanks... I thought about this solution.  But I want to be able to have the Help Desk Technician Access all Client Computers and Client Computers Joined to the Domain.  I thought it may be easier to create a group policy and Deny them access to certain servers.


Thanks
0
 
LVL 9

Accepted Solution

by:
crawfordits earned 50 total points
ID: 17831169
Edit the server local machine policy and deny log on locally.
0
 

Author Comment

by:Jason Carlson
ID: 17834040
So how would you recommend doing this?  Logon to all the servers and edit the Local Policy?  Move all servers into the Same OU and apply a new Group Policy to the Servers OU?  What about the Domain Controllers with the Default Domain Policy and Default Domain Controller Policy?  Lastly should we not deny access to this computer from the network as well?  
0
 
LVL 3

Expert Comment

by:JRockSolid
ID: 17839771
Put them on a VLAN and use the Firewal to restrict access to those servers from there network.  Would be ideal if you had the hardware necessary in my opinion.
0

Featured Post

Now Available: Firebox Cloud for AWS and FireboxV

Firebox Cloud brings the protection of WatchGuard’s leading Firebox UTM appliances to public cloud environments. It enables organizations to extend their security perimeter to protect business-critical assets in Amazon Web Services (AWS).

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are looking at this article, you have most likely been hit by some version of ransomware and are trying to find out if there is anything you can do, or what way you should react - READ ON!
There's a lot of hype surrounding blockchain technology. Here's how it works and some of the novel ways it' s now being used - including for data protection.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question