Active Directory - Role Based Administration?
Next message: katak: "handles in Task Manager"
From: rpage@challengergroup.com (PaGeY)
Date: 22 Apr 2003 17:48:05 -0700
My problem lies with creating roles for our IT staff. 4 sites, 30
Support staff and network admins, engineers etc. Obviously putting all
the staff in the "Domain Admins" group is not an option. I have
developed a Matrix of which staff member needs access to what
component of the network, and have determined the security groups
required to satisfy the matrix. It bascially turned into 4 "Roles";
Support Technician, Support Centre Manager, Network Engineer, and
"Full System Admin". But actually gettting these groups to work is
proving VERY difficult within AD (Active Directory). I have been able
to get some aspects working using a combination of Domain Policies and
Manually specified permissions on OU's. The AD delegation wizard
simply doesn't work for me. Anyone feel my pain? Would love to hear
from anyone bashing their head against the same wall.....
PaGeY
Next message: katak: "handles in Task Manager"
Relevant Pages
- Re: Roles Engineering for Active Directory
... roles for our IT staff. ... Obviously putting all the staff in the "Domain Admins" ... member needs access to what component of the network, ... Support Technician, ...
(comp.os.ms-windows.nt.admin.security) - Re: Certified Media Placement Specialist - Were happy to help
... venture untill you are able to prove that this is a legit business ... This caused chaos with our staff and distracted us from being able ... to provide the best support to our members and clents who ... offering ongoing support and media coaching. ...
(misc.consumers) - Re: Certified Media Placement Specialist - Were happy to help
... venture untill you are able to prove that this is a legit business ... the support and infrstructure we provide! ... This caused chaos with our staff and distracted us from being able ... offering ongoing support and media coaching. ...
(misc.consumers) - Re: Need advice on limiting logins by users
... Even though you may have taken precautions to prevent the person from accessing domain resources, I think you put your network at risk by allowing "strangers" any access whatsoever to your production domain. ... So what I would propose is to take some number of those shared PCs and dedicate them solely to workers who don't require their own accounts on your domain. ... We have 4 PC's in a work room for projects, temp staff, etc. and the staff member will take them in and login with their login info and go back to work, leaving the kid alone. ...
(microsoft.public.windows.server.sbs) - Re: Need advice on limiting logins by users
... Even though you may have taken precautions to prevent the person from accessing domain resources, I think you put your network at risk by allowing "strangers" any access whatsoever to your production domain. ... I have a guest wireless network that is isolated from our production LAN. ... We have 4 PC's in a work room for projects, temp staff, etc. and the staff member will take them in and login with their login info and go back to work, leaving the kid alone. ...
(microsoft.public.windows.server.sbs) |
|
