Re: Roles Engineering for Active Directory
Next message: PaGeY: "Active Directory - Role Based Administration?"
From: rpage@challengergroup.com (PaGeY)
Date: 22 Apr 2003 17:45:25 -0700
Very interested in what you are doing. Not soooo much from the end
user Roles (Sales clerks etc) aspect, my problem lies with creating
roles for our IT staff. 4 sites, 30 Support staff and network admins,
engineers etc. Obviously putting all the staff in the "Domain Admins"
group is not an option. I have developed a Matrix of which staff
member needs access to what component of the network, and have
determined the security groups required to satisfy the matrix. It
bascially turned into 4 "Roles"; Support Technician, Support Centre
Manager, Network Engineer, and "Full System Admin". But actually
gettting these groups to work is proving VERY difficult within AD
(Active Directory). I have been able to get some aspects working using
a combination of Domain Policies and Manually specified permissions on
OU's. The AD delegation wizard simply doesn't work for me. Anyone feel
my pain? Would love to hear from anyone bashing their head against the
same wall.....
PaGeY
Next message: PaGeY: "Active Directory - Role Based Administration?"
Relevant Pages
- Active Directory - Role Based Administration?
... My problem lies with creating roles for our IT staff. ... Support staff and network admins, ...
(comp.os.ms-windows.nt.admin.security) - Re: Certified Media Placement Specialist - Were happy to help
... venture untill you are able to prove that this is a legit business ... This caused chaos with our staff and distracted us from being able ... to provide the best support to our members and clents who ... offering ongoing support and media coaching. ...
(misc.consumers) - Re: Certified Media Placement Specialist - Were happy to help
... venture untill you are able to prove that this is a legit business ... the support and infrstructure we provide! ... This caused chaos with our staff and distracted us from being able ... offering ongoing support and media coaching. ...
(misc.consumers) - Re: Need advice on limiting logins by users
... Even though you may have taken precautions to prevent the person from accessing domain resources, I think you put your network at risk by allowing "strangers" any access whatsoever to your production domain. ... So what I would propose is to take some number of those shared PCs and dedicate them solely to workers who don't require their own accounts on your domain. ... We have 4 PC's in a work room for projects, temp staff, etc. and the staff member will take them in and login with their login info and go back to work, leaving the kid alone. ...
(microsoft.public.windows.server.sbs) - Re: Need advice on limiting logins by users
... Even though you may have taken precautions to prevent the person from accessing domain resources, I think you put your network at risk by allowing "strangers" any access whatsoever to your production domain. ... I have a guest wireless network that is isolated from our production LAN. ... We have 4 PC's in a work room for projects, temp staff, etc. and the staff member will take them in and login with their login info and go back to work, leaving the kid alone. ...
(microsoft.public.windows.server.sbs) |
|
