Group Membership

Neo_78
Neo_78 used Ask the Experts™
on
We need a group membership based on the time. This is required because we provide domain admin access to adminstrators based on the requirement and we remove them once the activity is completed. This is a manual activity and if we forget to remove them then it is a audit issue.

Is there any script/tool which will help us to provide time based group membership.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®

Commented:
Is there a set time on which they need acces? like the first monday of every month or something like that? In that case you could use the NTFS folder options..

Author

Commented:
No there is no such time. They will send request say for 2 hours they need access. We add them and then remove them after 2 hours.

Commented:
hmm well in that case I don't know of any tool or anything like that. I'd be happy to write a script for you myself, but the only way I know how to do it would mean that you'd keep the script running for the designated amount of time. While it is running it would consume a small amount of memory and CPU.
Senior Solutions Architect
Commented:
Don't give users elevated permissions on their normal accounts, rather create separate administration accounts for them that you can play with.
In some instances the users accounts keep some domain admin permissions, which can affect the functionality later.
I've seen this happening where we cannot give users access to Lync after they've been made Domain Admins, without reseting the permissions on the user account.
http://support.microsoft.com/kb/816666

You can then set  specific logon times for these users, including which servers they can access.

Author

Commented:
This was not complete solution but a hint towards that

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial