Petersennik
asked on
Administrator Right
I do use allot support from various Computer Experts & I wanted to know how to handle the Administrator Account. For security reasons I give my user name & password to the Computer Experts to preform tasks or issues on my Servers.
What is the best way the handle this issue,? How do companies with six servers like mine handle this issue I would like to know ?
What is the best way the handle this issue,? How do companies with six servers like mine handle this issue I would like to know ?
As one of those who work on other people's system it is up to you.
I.e. Administrator account in most cases should be disabled after you have a replacement administrator account in place. or you can limit the Administrator account such that it can not be used in a remote connection.
I.e. the support expert will have a limited user account and use the runas option to elevate ones rights depending on what it is you need done.
If as you say you use various individuals, you could use a "special account" such that you change the password and activate it when you have an expert look at our systems.
Presumably your servers are centrally managed AD/LDAP/....
I.e. Administrator account in most cases should be disabled after you have a replacement administrator account in place. or you can limit the Administrator account such that it can not be used in a remote connection.
I.e. the support expert will have a limited user account and use the runas option to elevate ones rights depending on what it is you need done.
If as you say you use various individuals, you could use a "special account" such that you change the password and activate it when you have an expert look at our systems.
Presumably your servers are centrally managed AD/LDAP/....
ASKER
Arnold:
I like your suggestion of having a limited user account which can be elevate as & when one needs to I have AD Server, how can do this please guide in more detail.
I like your suggestion of having a limited user account which can be elevate as & when one needs to I have AD Server, how can do this please guide in more detail.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Arnold
Thanks for the information.
Tasks undertaken by the computer experts are not common.
Most of the tasks undertaken is fire fighting major issues with the Email, ISA etc...
Will create a Account in the system as suggested.
Thanks for the information.
Tasks undertaken by the computer experts are not common.
Most of the tasks undertaken is fire fighting major issues with the Email, ISA etc...
Will create a Account in the system as suggested.
If you are referring to users inside your company then that is a different matter. In our company we have hundreds of servers around the world and Domain Admin accounts for those of us responsible. We each have our own Admin usernames and password that expires every 90 days.
We do have standard usernames and passwords for iLO and ESXi so each of us can help each other.
I don't know if that is what you were looking for or not??