We help IT Professionals succeed at work.

Tracking who is using which account

Simon336697
Simon336697 asked
on
Hi guys hope you are all well and can assist.
Guys, we want to develop a process that does the following:

1) Any user that requries certain privileges, will be assigned a particular role-based account.
For example, if a user requires to perform citrix operations, they may be given, in addition to their normal day-to-day account, a citrix account. Let's say this is account named: citrix_admin_1

2) We want to track at any point in time who is using these role-based accounts.

Bob is currently using account:   citrix_admin_1
Steve is currently using account:   citrix_admin_2
Sarah is currently using account:   citrix_admin_3
Shelly is currently using account:   altiris_admin_1
Danielle is currently using account:   sql_admin_1

Each of these role-based accounts, will belong to particular groups, that will then be assigned the appropriate permissions to do those particular tasks.

What Id like from you guys, is the following:

Question: Do you guys use anything similar in your environment?

Question: Any suggestions as to how we implement a process to ensure that everyone abides by this process?

Any help greatly appreciated.
Comment
Watch Question

Top Expert 2012
Commented:
Not that Familiar with Citrix, but in General....

As its not ideal to use a Generic Admin Account
Wouldnt it just be easier to to create Amdin account for the users
Then theres no question

i.e.

Citrix_Bob-A
Citrix_Steve-A

-A = Administrator

Otherwise Kinda like using your Administrator Account to work on Your Servers, or Administrator Accounts to work on your PABX ect ect rather than Creating Specific Admin User Account...

Hi,

On the Citrix XenApp Delivery Console --> Administrators. You can specify the permissions for each account (Very Granular Permissions). I would recommend to add the users accounts to the Citrix Admin group.

The Idea of having one account per user to perform all tasks, is that you can monitor the account usage and simplify the security management, for example you will have to change your password once, you have to delete your account once.

Also these usernames should not be use to start any service on the servers. I have seen many admins do this.

Author

Commented:
Thanks guys much appreciated.