Solved

Administrator Delegation Help

Posted on 2011-02-17
Last Modified: 2012-05-11
Scenario:
We have 20 sites globally, 100 servers (all Win 2003), and approx. 3000 desktop users split between the global sites. To manage this we have a service desk (tier 1/2/3), and on each site we have what we call low-grade administrators (hands & feet, general daily admin duties, etc.). My issue is sorting out an AD account for these site administrators that allows them to conduct their daily duties. In the past, Domain Admin rights have been given out all over the place - this has led to serious issues. Can anyone suggest a good, solid format for managing this?
0
Question by:I_T_MAN
2 Comments
 
LVL 3

Expert Comment

by:iamshergill
ID: 34914893
Make them members of the groups below in AD:

-Account Operators
-Backup Operators
-Network Configuration Operators
-Print Operators

However, the solution given above is not the ultimate one because of a lack of information. We can also create separate OUs for each site and delegate administration to their respective OU; that could be a better solution.

Can you provide me a list of the tasks you want them to do?
0
 
LVL 27

Accepted Solution

by:
KenMcF earned 500 total points
ID: 34914944
I would stay away from the built-in groups. These will give more rights than you probably want to give. I would only delegate the rights needed. Do the level 3 people need to log on to the DCs? If they do, then you should probably give them domain admin. For the other groups, they can manage users and computers for their own location if you have the OUs properly separated. It all depends on what you need these groups to do.



http://www.windowsecurity.com/articles/Built-in-Groups-Delegation.html
0
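
The approach in the accepted answer (delegate only the rights needed, on OUs separated by site), shown as an added example that is not part of either reply: a PowerShell wrapper around `dsacls.exe` that grants each site group password reset, account unlock and computer object management on its own site OU only. The domain name, the `OU=<Site>,OU=Sites` layout and the `<Site>-SiteAdmins` group names are assumptions.

```powershell
# Added example: per-site least-privilege delegation with dsacls.exe.
# Every name here (domain, OU layout, group naming) is an assumption.
param([switch]$Apply)   # without -Apply the commands are only printed

$DomainDN = 'DC=example,DC=com'      # hypothetical domain
$NetBIOS  = 'EXAMPLE'                # hypothetical NetBIOS domain name
$Sites    = 'London', 'Sydney'       # hypothetical site OU names

# Inheritance flag + right granted on each site OU.
# /I:S = child objects only, /I:T = this OU and its child objects.
$Grants = @(
    @{ Inherit = '/I:S'; Right = 'CA;Reset Password;user' },  # reset passwords
    @{ Inherit = '/I:S'; Right = 'WP;pwdLastSet;user' },      # force change at next logon
    @{ Inherit = '/I:S'; Right = 'WP;lockoutTime;user' },     # unlock accounts
    @{ Inherit = '/I:T'; Right = 'CCDC;computer' }            # create/delete computer objects
)

function Get-DelegationCommand {
    param([string]$Site)
    $ou    = "OU=$Site,OU=Sites,$DomainDN"      # assumed layout: one OU per site
    $group = "$NetBIOS\$Site-SiteAdmins"        # assumed: one group per site
    foreach ($g in $Grants) {
        # Leading comma keeps each argument list as a single pipeline item.
        , @($ou, $g.Inherit, '/G', "${group}:$($g.Right)")
    }
}

foreach ($site in $Sites) {
    foreach ($cmdArgs in Get-DelegationCommand -Site $site) {
        if ($Apply) {
            & dsacls.exe @cmdArgs | Out-Null
            if ($LASTEXITCODE -ne 0) { throw "dsacls failed for: $cmdArgs" }
        } else {
            # Quote every argument so the printed line can be pasted into a shell.
            Write-Output ('dsacls ' + (($cmdArgs | ForEach-Object { '"{0}"' -f $_ }) -join ' '))
        }
    }
}
```

Running `dsacls` with only an OU's distinguished name prints that OU's ACL, which is a quick way to review what was granted.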
