Administrator Right

I do use allot support from various Computer Experts & I wanted to know how to handle the Administrator Account. For security reasons I give my user name & password to the Computer Experts to preform tasks or issues on my Servers.

What is the best way the handle this issue,? How do companies with six servers like mine handle this issue I would like to know ?
PetersennikAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

pjamCommented:
If you arereferring to outsourcing, probably the best method is to give them an account that expires.

If you are referring to users inside your company then that is a different matter.  In our company we have hundreds of servers around the world and Domain Admin accounts for those of us responsible.  We each have our own Admin usernames and password that expires every 90 days.

We do have standard usernames and passwords for iLO and ESXi so each of us can help each other.

I don't know if that is what you were looking for or not??
arnoldCommented:
As one of those who work on other people's system it is up to you.
I.e. Administrator account in most cases should be disabled after you have a replacement administrator account in place. or you can limit the Administrator account such that it can not be used in a remote connection.
I.e. the support expert will have a limited user account and use the runas option to elevate ones rights depending on what it is you need done.
If as you say you use various individuals, you could use a "special account" such that you change the password and activate it when you have an expert look at our systems.
Presumably your servers are centrally managed AD/LDAP/....

 

PetersennikAuthor Commented:
Arnold:
I like your suggestion of having a limited user account which can be elevate as & when one needs to I have AD Server, how can do this please guide in more detail.
arnoldCommented:
You create an limited account:
consultant limited (note a limited account can not loginto a DC.

another option you can create an account and have it as a member of the Server operator group.
The user will be able to login into the various servers to manage, but it will no be able to alter authentication.

In AD there are different groups that you can use Authentication, Server operators, backup operators, printer operators, etc. Each group grants a different set of rights to the user.
etc.

I.e. a user can be a member of the backup operators group and printer operators  group i.e. the user will be performing backup or restoring data from backups or the user will be dealing with printer/print manger setup

The elevation to administrator runas /user:domain\username cmd
once the password for domain\username is provided a new command window pops up indicating that it is running under the domain\username credentials.

Do you have a common definition of the tasks those individual perform?

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
PetersennikAuthor Commented:
Arnold
Thanks for the information.

Tasks undertaken by the computer experts are not common.

Most of the tasks undertaken is fire fighting major issues with the Email, ISA etc...

Will create a Account in the system as suggested.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
OS Security

From novice to tech pro — start learning today.