Temporary administrator privileges active directory 2008
Hi!
I wonder if someone knows if there is any builtin feature in ad 2008 that supports temporary admin privileges?
Our clients is windows 7.
I wonder if someone knows if there is any builtin feature in ad 2008 that supports temporary admin privileges?
Our clients is windows 7.
Neil Russell
Temp admin priveleges where? what for? please explain what you need in more details.
ASKER
Hi!
It is on my windows 7 clients.
I want to use it when a user needs to install a minor application or device.
For example an imbedded driver for usb-drive, camera or broadband device or lets say google earth. Just as an example.
Our policy is that users shall not be administrators on their local pcs but we see that they need to be sometimes and when they aren't they put a heavy load on our helpdesk.
One aproach is that they call our helpdesk and obtain it for some time or through a serviceportal and they get administrator privileges for an hour or a day and they then agrees to our terms and we get a receipt that they accepted.
Do I make any sense? :-)
It is on my windows 7 clients.
I want to use it when a user needs to install a minor application or device.
For example an imbedded driver for usb-drive, camera or broadband device or lets say google earth. Just as an example.
Our policy is that users shall not be administrators on their local pcs but we see that they need to be sometimes and when they aren't they put a heavy load on our helpdesk.
One aproach is that they call our helpdesk and obtain it for some time or through a serviceportal and they get administrator privileges for an hour or a day and they then agrees to our terms and we get a receipt that they accepted.
Do I make any sense? :-)
Once you give a user admin they have the ability to create local admin accounts and basically have free reign on the machine.
If you aren't already using one I suggest using some type of remote control software at your helpdesk so it is easier to address these requests remotely. Dameware and teamviewer are a couple that work well.
Unfortunately not having admin means more helpdesk calls. You either sacrifice security and give them admin or do the installs.
If you aren't already using one I suggest using some type of remote control software at your helpdesk so it is easier to address these requests remotely. Dameware and teamviewer are a couple that work well.
Unfortunately not having admin means more helpdesk calls. You either sacrifice security and give them admin or do the installs.
ASKER
Thanks for your answer.
Yeah, we are aware of that securityproblem and as you say, it increases calls.
My question is still, can it be done in AD 2008/win7?
We have a tool to remotely administer our clients today (Netop) and it works fine but takes time our helpdesk doesn't have or will have in the future so we are looking for ways to do it.
Yeah, we are aware of that securityproblem and as you say, it increases calls.
My question is still, can it be done in AD 2008/win7?
We have a tool to remotely administer our clients today (Netop) and it works fine but takes time our helpdesk doesn't have or will have in the future so we are looking for ways to do it.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Ok, I had something like that in mind as well as a workaround to solve it.
I heard on a seminar a couple of years ago held by microsoft that AD 2008 could have a feature for doing this.
But i can be wrong, I accept your solution, thanks!
I heard on a seminar a couple of years ago held by microsoft that AD 2008 could have a feature for doing this.
But i can be wrong, I accept your solution, thanks!