Best Practice - Windows Server Access by multiple staff

We have about 25 Windows 2008 servers and up until now a fairly small development staff. Now we are ramping up for a large project and we have doubled the number of developers. In the past I have just let the developers use a single AD admin account to do installs and configurations on the servers. Now they all want to be able to log in individually with their individual AD accounts and have me add these accounts to the local admin account. That just does not sound right to me, but I don’t have a valid argument against it. Maybe I’m wrong. Anyway, I’m looking for some help in what would be best practice on this. They want to be able to login with their individual accounts because they want to be able to simultaneously log into the same server and do work and with Remote Desktop they would need to do this with separate accounts. I’m just not crazy about having all these profiles on the server.
TimSharpe02118Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Fred MarshallPrincipalCommented:
I don't know but isn't this the normal approach?  That is, to have user profiles on the Server?  Isn't that how file servers requiring user logins are set up?  

In general, I'd say it's NOT good practice to use one login where you have the option to do otherwise.
0
rindiCommented:
Setup virtual environments for them using VMware vSphere HyperVisor or m$ Hyper-V. Then they can do whatever they want on those servers, and once things work you can install the software in your main environment.
0
Darius GhassemCommented:
Well usually the secure way is to have each developer to have his own login. What you can do is a group in AD called Developers for example you then add the Developer's user accounts to this group. You can then add the group to the local admin group
0
Sean MeyerCommented:
I agree with both rindi and dariusq.  Each user should have his own login.  You do not need to create a local admin account.  Domain priviledges to do installs will give them plenty of priviledge to do installs on the server.  But that is where the problems start.  If you are having them do this in an active environment with new people who do not completely understand (and even some of the ones who do) the environment you will start to have problems with your servers as each person rolls out their changes.  

25 servers is a big enough environment where you can greatly benefit from those developers working in a test environment before they rollout their changes.  

If you do start doing this to your primary environment I recommend checking your backup procedures and making sure you have a recently tested recovery procedure in place. THEY WILL BREAK SOMETHING when that many new people start working on a big project.  
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
TimSharpe02118Author Commented:
Thanks for the feedback, we alreday do have test and developemnt servers, sorry I did not mention that. We decided to setup 4 accounts for them to use that correspond to the major applications and then add these accounts to an AD group and then add that group to the loacl admin group on the servers where they need access.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2008

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.