Avatar of MarkMichael
MarkMichael

asked on 

Handing people the administrator account - no thanks!

Hi Experts

I would like you suggestions here.

I have an SBS Server ready for a customer, in fact more than one.

We have a contact on site that will do anything we ask them to do on the server for us. Knowing that a full administrator user will be able to do absolutely anything on the server, we do not want to give this person the account. However, changing/checking backup of our USB drives would need a person to click the 'Safely Remove Hardware' option for the USB device. So here, they need login previleges.

Also, I don't want to give them access to other users mailboxes. Simply put, the full administrator account will be able to add 'Mailbox Rights' to peoples mailboxes and give themselves full access with the administrator account. I don't like the fact that one person in the company would be able to do this.

What account level should I give a contact on-site to be able to perform login tasks, change/check backup?
What do you guys give your on-site contacts?
SBSExchangeWindows Server 2003

Avatar of undefined
Last Comment
Jeffrey Kane - TechSoEasy
Avatar of polo_boy
polo_boy

we dont give them any access! when removeable usb drives have been used, just tell them to turn the switch off on the hdd, then unplug. does no damage whatsoever and are designed for this. the plug new one in and switch on power. sorted.
Avatar of MarkMichael
MarkMichael

ASKER

Considering this, there is an event added to the event log stating that there is an issue. Nothing critical but I'd rather keep these to a minimum.

The users still need to check the backup for issues too, so I still need them to login.

Is there an account with certain access rights, which will allow me to do this. E.g. taking away Exchange Admins group from this user perhaps?
Avatar of polo_boy
polo_boy

as far as i can remember without checking the server, the only account that has accfess to modify exchange is the administrator. even a styandard account should have rights to stop usb device and check backup software as long as you provide a shortcut to the backup soft. you seem very nervous of this person, its best you dont give them any more than you have to, and make sure you have removed 'everyone' from security privelidges throughout server 2k3.
The user neads to be added to the local 'Backup Operators'-group to manage backup jobs and logon locally.

Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights
* Log on locally
* Backup files and directories
ASKER CERTIFIED SOLUTION
Avatar of Jeffrey Kane - TechSoEasy
Jeffrey Kane - TechSoEasy
Flag of United States of America image

Blurred text
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
Exchange
Exchange

Exchange is the server side of a collaborative application product that is part of the Microsoft Server infrastructure. Exchange's major features include email, calendaring, contacts and tasks, support for mobile and web-based access to information, and support for data storage.

213K
Questions
--
Followers
--
Top Experts
Get a personalized solution from industry experts
Ask the experts
Read over 600 more reviews

TRUSTED BY

IBM logoIntel logoMicrosoft logoUbisoft logoSAP logo
Qualcomm logoCitrix Systems logoWorkday logoErnst & Young logo
High performer badgeUsers love us badge
LinkedIn logoFacebook logoX logoInstagram logoTikTok logoYouTube logo