locking out a user from SBS2011

Posted on 2014-08-03
Last Modified: 2014-11-11
Hi all.

We administer a client and we have an employee of that business who requires administrative access to two of the four servers.

Unfortunately this employee is a major pain in the rear - very much a loose cannon and a 'lets just delete that registry key and see what happens' type of person.

This person does not need access to the SBS2011 server and file server but seems to log on just to scare the hell out of me and to mess around.

My question is, can we restrict (Not able to log-on) this users access to the SBS2011 server and the file server (Server 2008 R2) even though they are network administrators ( they require this access for the other servers)

Thank you
Question by:AndyKeen
    LVL 9

    Expert Comment

    remove him from the administrator group and put him in the super user group, then grant him certain access permission that allows him to carry out his task, without admin rights.
    LVL 95

    Accepted Solution

    There is no "Super User" group.

    DO NOT give him "Domain Administrator" rights.

    Only place him in the Administrators group of the servers he needs access to.

    I would:
    1. Give all users - ALL USERS - a domain USER account ONLY.
    2. Create LOCAL accounts on the servers users need admin access to for those users - and place them in the local Administrators group of that server

    Doing #2 forces them to use the admin account when necessary and doesn't permit them to EASILY and ALWAYS have admin rights.
    LVL 21

    Assisted Solution

    by:David Atkin
    I'd agree with Lee here.  Such a person should not be allowed to log on the servers.  It will bite you in the ass at some point.

    I am presuming he is not using the network admin account for his day to day activities?  I would give him an emergency admin account and change the password regularly to prevent him from just logging on whenever.

    Featured Post

    6 Surprising Benefits of Threat Intelligence

    All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

    Join & Write a Comment

    This guide is intended for migrating Windows 2003 Standard with Exchange 2003 to Windows Small Business Server 2008. You will need the following: Exchange Best Practice Analyzer:…
    Written by Glen Knight (demazter) as part of a series of how-to articles. Introduction One of the biggest consumers of disk space with Small Business Server 2008(SBS) is Windows Server Update Services, more affectionately known as WSUS. For t…
    Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…
    Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

    746 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    13 Experts available now in Live!

    Get 1:1 Help Now