Guest Mally P
Posted October 10, 2007

Hi All,

I work for a support company who provides support for a customer who have offices all over the world. There are no problems with this, the infrastructure works great. However, we only administer the UK branches as the states generally look after everything else.

As part of some auditing taking place, they only want admin rights granted to select users, and the account assigned to us is not one of them unless we can prove that we specifically need them. Really all we ever need to do is administer those UK servers and services (DNS, DHCP etc) and not the forest, in which case what rights could we get away with using to do these tasks? Can we use anything less than a domain admin without encountering access issues?

Your thoughts are appreciated

Thanks in advance

Guest Anthony
Posted October 10, 2007

Re: Question about admin rights

Hi Mally,

This is a common problem. You need to agree on the range of tasks you are supposed to perform, then you can sort out access rights for them. There are extremely few you need domain admin rights for, but there are some and you would need to agree who does what.

Some tasks have pre-defined roles, like DNS and DHCP administrator, or server backup operator. Some require delegation in AD. Some can't be done, like installing software updates on a DC, promoting a new domain controller, etc.

You can probably do everything you need if they agree to administer the DCs and you get what you need delegated to you.

Anthony, http://www.airdesk.co.uk

"Mally P" <nomail@thank.you> wrote in message news:eY$Pj90CIHA.4584@TK2MSFTNGP03.phx.gbl...
> Hi All,
>
> I work for a support company who provides support for a customer who have
> offices all over the world. There are no problems with this, the
> infrastructure works great. However, we only administer the UK branches as
> the states generally look after everything else. As part of some auditing
> taking place, they only want admin rights granted to select users, and the
> account assigned to us is not one of them unless we can prove that we
> specifically need them. Really all we ever need to do is administer those
> UK servers and services (DNS, DHCP etc) and not the forest, in which case
> what rights could we get away with using to do these tasks? Can we use
> anything less than a domain admin without encountering access issues?
>
> Your thoughts are appreciated
>
> Thanks in advance
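
One way to set up the split Anthony describes (pre-defined roles plus delegation in AD, with no Domain Admins membership), as an added example that is not from either poster. The account, group and OU names are hypothetical; it assumes the ActiveDirectory PowerShell module, that it is run by one of the customer's own administrators, and that the DHCP Administrators group exists in the domain.

```powershell
# Added example. Names marked "hypothetical" are assumptions, not values from the thread.
Import-Module ActiveDirectory

$supportUser = 'uk-support'                # hypothetical support-company account
$roleGroup   = 'UK-Infra-Operators'        # hypothetical role group
$ukOu        = 'OU=UK,DC=example,DC=com'   # hypothetical OU holding the UK servers
$domain      = (Get-ADDomain).NetBIOSName

# Add a member only if it is not already present, so the script can be re-run.
function Add-IfMissing($Group, $Member) {
    $current = Get-ADGroupMember -Identity $Group |
        Select-Object -ExpandProperty SamAccountName
    if ($current -notcontains $Member) {
        Add-ADGroupMember -Identity $Group -Members $Member
    }
}

# 1. Grant rights to a role group, not to the individual account.
if (-not (Get-ADGroup -Filter "Name -eq '$roleGroup'")) {
    New-ADGroup -Name $roleGroup -GroupScope Global -GroupCategory Security -Path $ukOu
}
Add-IfMissing $roleGroup $supportUser

# 2. Pre-defined roles for the services named in the thread (DNS, DHCP).
#    These groups are themselves privileged; review their membership regularly.
foreach ($g in 'DnsAdmins', 'DHCP Administrators') {
    if (Get-ADGroup -Filter "Name -eq '$g'") {
        Add-IfMissing $g $roleGroup
    } else {
        Write-Warning "$g not found in the domain; it may be a local group on the DHCP server."
    }
}

# 3. Delegation in AD, scoped to the UK OU only:
#    create/delete computer objects, and full control of computer objects below it.
dsacls $ukOu /I:T /G "${domain}\${roleGroup}:CCDC;computer"
dsacls $ukOu /I:S /G "${domain}\${roleGroup}:GA;;computer"

# 4. Evidence for the audit: the support account should not resolve into Domain Admins.
$stillDa = Get-ADGroupMember -Identity 'Domain Admins' -Recursive |
    Where-Object { $_.SamAccountName -eq $supportUser }
if ($stillDa) {
    Write-Warning "$supportUser is still a (nested) member of Domain Admins."
} else {
    Write-Output "$supportUser holds delegated rights only."
}
```

The tasks Anthony lists as not delegable (software updates on a DC, promoting a new domain controller) stay with the customer's own administrators under this arrangement.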

Guest Mally P
Posted October 10, 2007

Re: Question about admin rights

Thanks very much for your reply. I think they are going to have to leave us with dom admin rights!

Thanks again

Guest Anthony
Posted October 10, 2007

Re: Question about admin rights

It's a pleasure

"Mally P" <nomail@thank.you> wrote in message news:Osrudi1CIHA.5856@TK2MSFTNGP04.phx.gbl...
> thanks very much for your reply. I think they are going to have to leave
> us with dom admin rights!
>
> thanks again