
Increased permissions for Jr Systems administrator in Windows Environment

I am currently the administrator for a 100-employee business running strictly on the Windows platform: Exchange, SQL, Server 2003/08 and Windows XP/7.

Right now I have full admin rights and the remainder of the staff have standard user rights.

I plan on hiring a Jr support tech, and I want to give him some elevated privileges, which I have never done. Is there a best practice on this, or basic steps? I want him to be able to add/remove computers to the domain and add/modify users in Active Directory, but I of course don't want to give him the administrator password.
Asked by: Bekster

1 Solution
 
Mike Kline commented:
You could use delegation or use built-in groups. In this case you can add him to Account Operators.

You can delegate adding machines too

John has the two ways you do it here

http://www.windowsitpro.com/article/jsifaq/jsi-tip-8144-how-can-i-allow-an-ordinary-user-to-add-a-computer-to-a-domain-.aspx

One is through group policy and the user rights assignment

The other is the delegation

Create a group called "addMachines" (just an example) and use one of the methods to give that group the rights

thanks

Mike
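
The delegation route described in the answer above, written out as an added example that is not part of the original thread: it creates the "addMachines" group, grants it create/delete rights for computer objects only on one OU, and then lists the resulting ACL entries. The domain name, DNs and the technician account are constructed placeholders, and it assumes `dsadd`, `dsmod` and `dsacls` are available on the admin workstation.

```powershell
# Added example; every DN and name below is a constructed placeholder.
# Run from a domain-joined admin workstation with rights to edit the OU's ACL.
$GroupDN  = 'CN=addMachines,OU=Groups,DC=example,DC=com'  # group name from the answer
$GroupSam = 'EXAMPLE\addMachines'                         # hypothetical NetBIOS form
$TechDN   = 'CN=Junior Tech,OU=Staff,DC=example,DC=com'   # hypothetical technician
$TargetDN = 'OU=Workstations,DC=example,DC=com'           # OU holding computer objects

# Run a native directory tool and stop on a non-zero exit code.
function Invoke-Native {
    param([string]$Exe, [string[]]$Arguments)
    $out = & $Exe @Arguments 2>&1
    if ($LASTEXITCODE -ne 0) { throw "$Exe failed ($LASTEXITCODE): $out" }
    return $out
}

# 1. Create a global security group and add the technician to it.
Invoke-Native dsadd @('group', $GroupDN, '-secgrp', 'yes', '-scope', 'g',
                      '-samid', 'addMachines') | Out-Null
Invoke-Native dsmod @('group', $GroupDN, '-addmbr', $TechDN) | Out-Null

# 2. Delegate Create Child (CC) and Delete Child (DC) for computer objects
#    only, on the target OU and everything beneath it (/I:T).
Invoke-Native dsacls @($TargetDN, '/I:T', '/G',
                       "${GroupSam}:CCDC;computer") | Out-Null

# 3. Read the ACL back and show the entries that name the group, so the
#    grant can be reviewed (and later audited) rather than assumed.
$acl = Invoke-Native dsacls @($TargetDN)
$acl | Select-String -SimpleMatch $GroupSam
```

Because the grant is scoped to computer objects in a single OU, the group's members gain no rights over users, groups or other containers.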