Link to home
Start Free TrialLog in
Avatar of wifiit
wifiitFlag for Afghanistan

asked on

Admin user accounts

Hi,
We have contractors installing PC's onsite and I want to them an admin account which will allow them to add pc's to our domain and local admin rights over those PC's for software installation. I don't however want that account to be able to login locally to any server.

Can I just create a domain admin account and deny local login on each server or is there a better route?

Thanks for you help.
SOLUTION
Avatar of Radhakrishnan
Radhakrishnan
Flag of India image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
ASKER CERTIFIED SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of w_richard
w_richard

What are you doing in your environment and if you do deny local admin rights, how do you handle when you or the user has to install software? Must you logout and back in as the local admin

Just use the 'Run As" option, no need to log out and back in with an admin account

as for the other headaches . Proper patch management should take care of that. If fact I think giving them admin right creates more headaches, there is so much crap they could do I you will have no idea wear to start

Refer this link...

http://technet.microsoft.com/en-us/magazine/2006.01.securitywatch.aspx

Thanks.
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial