TimSharpe02118
asked on
Best Practice - Windows Server Access by multiple staff
We have about 25 Windows 2008 servers and up until now a fairly small development staff. Now we are ramping up for a large project and we have doubled the number of developers. In the past I have just let the developers use a single AD admin account to do installs and configurations on the servers. Now they all want to be able to log in individually with their individual AD accounts and have me add these accounts to the local admin account. That just does not sound right to me, but I don’t have a valid argument against it. Maybe I’m wrong. Anyway, I’m looking for some help in what would be best practice on this. They want to be able to login with their individual accounts because they want to be able to simultaneously log into the same server and do work and with Remote Desktop they would need to do this with separate accounts. I’m just not crazy about having all these profiles on the server.
Setup virtual environments for them using VMware vSphere HyperVisor or m$ Hyper-V. Then they can do whatever they want on those servers, and once things work you can install the software in your main environment.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks for the feedback, we alreday do have test and developemnt servers, sorry I did not mention that. We decided to setup 4 accounts for them to use that correspond to the major applications and then add these accounts to an AD group and then add that group to the loacl admin group on the servers where they need access.
In general, I'd say it's NOT good practice to use one login where you have the option to do otherwise.