our company has just employed someone to work alongside myself. the role of this person is to provide desktop support for our employees. so will need to login to the computers with administrator permissions to carry out software installs etc. at the moment i have added the user to the domain administrator group users on our domain controller active directory.
Not certain that this is the way forward for a new starter but i understand that there has to be an element of trust. but thinking in the companys interest i have to have forward think the scenerio. as previously mentioned the user is for desktop support but nothing higher than that. so anything higher network / server related must be done by myself. the user will do windows installs and setup softwares and join onto the computer onto the domain through (computer name / domain change on the local computer)
does this mean the user has to have the ultimate admin access to the domain or is there a lesser permission. i think sometimes a junior admin may feel the temptation to try something without realising the disaster that may happen from ones actions and this is what i am trying to prevent although i know educating is probably the best approach.