user accounts

Posted on 2010-01-09
Medium Priority
Last Modified: 2013-12-04
My Managers are nice enough to hire a temp while I learn our companies software. while the temp is here he/she will need a decent amount of access to the network, however, I'm reluctant to give Administrator access.  On a windows 2003 active directory domain, is there a group I could put him/her in that should be sufficient but isn't Admin?
Question by:JeffBeall
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions

Accepted Solution

Jumbobazman earned 668 total points
ID: 26275280
Yes - there are several priviledge accounts in active directory

This page should clearly show you what they are and what you can assign this person to

LVL 21

Assisted Solution

farazhkhan earned 664 total points
ID: 26275345

Well, It depends what level of access you want to grant him/her or what would be the his/her responsibility under your absence.

In my cases, I assign user to "Account Operators" & "Server Operators" group so he/she can  create, modify, and delete accounts for users, groups, and computers located in the containers and OUs - except for the Domain Controllers OU. Cannot modify the Administrators or Domain Admins group. Also he/she woule be able to back up and restore files.

This list will also be helpful for you to decide: http://www.learnthat.com/Certification/learn/1095/Administering-Windows-2003-MCSE/page/40/

Faraz H. Khan
LVL 10

Expert Comment

ID: 26275347
Are there any specific rights that you are wanting to give?  For instance, if this person needs to do backups, you can make them a member of the backup operaters group.  There isn't really a power user group in AD; only on a local machine.
When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.


Author Comment

ID: 26275413
"Are there any specific rights that you are wanting to give?"
he/she will have to admin user accounts and probably backup servers.
LVL 10

Assisted Solution

lobo797 earned 668 total points
ID: 26275501
Then I would do like Faraz is suggesting.  In the users AD account, add to the members of tab "Account Operators" & "Server Operators".  This would include the ability to backup and restore files.

I would be reluctant to give any more rights than listed to a temp than absolutely necessary.  I would rather start with less and increase to more when needed.

Author Closing Comment

ID: 31675055
thank you, that was very helpful.

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Check out this step-by-step guide for using the newly updated Experts Exchange mobile app—released on May 30.
Active Directory can easily get cluttered with unused service, user and computer accounts. In this article, I will show you the way I like to implement ADCleanup..
how to add IIS SMTP to handle application/Scanner relays into office 365.
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
Suggested Courses
Course of the Month11 days, 11 hours left to enroll

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question