We have a contractor who is working - and will continue to work on for a few months - installing a new SAGE accounting package on one of our SQL member servers. They have asked for a *domain administrator* level account if possible. My gut says no - but not sure the best option of giving them domain account credentials that will permit them to make changes to this SQL server application as needed.
Looking for the most secure means of providing them a domain account that will permit them to work on this installation project - but yet maintain proper security practices for this type request. They've been working on the project for a few months using another company employees account credentials (which has domain admin level privileges) - so not sure how best to handle this request.
Best advice appreciated -