Re: Admin access for users in case of emergency?

From: bill (bill_at_discussions.microsoft.com)
Date: 08/20/04 

Date: Fri, 20 Aug 2004 06:33:01 -0700

Thanks Miha, that was the exact response I got from managment. However, the
other day I had to leave and a manager's PC was acting funny, so he decided
he wanted to reboot the server, before calling me. I guess my concern is that
there is a large possibility for abuse, and where does one draw the line? How
should policy reflect this?

"Miha Pihler" wrote:

> Hi Bill,
>
> Sorry, but I agree with your management, still I understand you. I was in
> same situation few times in last few years.
>
> You should create full administrator (also for any other services that use
> separate accounts) and write down necessary information and store it in safe
> place (like safe).
> In case of an accident (e.g. I get hit by a car or have accident while
> mountain biking) my company still has to live on.
>
> You should also write down basic configuration and information of your
> network that someone else may be able to use in case you are away. This
> information should also be stored on second location. I remember one of my
> clients had all processes written down including server restore procedures.
> This was available on intranet. Problem was that the only server that died
> was intranet and they didn't have hard copy of restore procedures...
>
> Mike
>
> "bill" <bill@discussions.microsoft.com> wrote in message
> news:19ADFED3-5FE6-45AE-9396-3B99D2A439CA@microsoft.com...
> > Hello list,
> >
> > This is somewhat of a security management question. I am the sysadmin for
> a
> > small, 14 user group office running typical MS backoffice products and
> > various other networking equipment. Recently I've been asked to write up a
> > document that can be referred to, in the case of an emergency or that I am
> > unreachable, for tasks such as rebooting servers and equipment. I've also
> > been asked to create a generic admin account, which the password would be
> > locked in a safe. Somehow, this doesn't feel right with me, giving admin
> > access to regular users, however I can't seem to get management on my
> side.
> > Am I right to think this way, and if so what kind of procedure or solution
> > can I provide that can both satisfy the requirement that the office must
> go
> > on without me in case of failure but at the same time limit admin
> privileges?
> > Thanks very much in advance.
>
>
>

Relevant Pages

  • Re: Admin access for users in case of emergency?
    ... Sorry, but I agree with your management, still I understand you. ... place (like safe). ... clients had all processes written down including server restore procedures. ... Somehow, this doesn't feel right with me, giving admin ...
    (microsoft.public.security)
  • Re: Secure host newbie - fun - humm
    ... decision, as the admin, whether or not to take down the server. ... Listen, as a security specialist, I *know* that every single box that I, ... some level of risk and that there is no "100% I'm secure" level. ...
    (Security-Basics)
  • Re: Server Operator Role
    ... domain admin and then keep in mind that a domain admin can get Enterprise Admin ... Joe Richards Microsoft MVP Windows Server Directory Services ... The server operator role allows ... the group cannot run the TS Policy. ...
    (microsoft.public.win2000.active_directory)
  • Re: Two Server Setup Question.
    ... That external trust factor thing ... get your admin domain up first. ... Microsoft Certified Trainer, Microsoft MVP - Windows ... Microsoft Windows & SQL Server Advisory Panel Member ...
    (microsoft.public.windows.server.setup)
  • Re: Two Server Setup Question.
    ... That external trust factor ... get your admin domain up first. ... Microsoft Certified Trainer, Microsoft MVP - Windows ... Microsoft Windows & SQL Server Advisory Panel Member ...
    (microsoft.public.windows.server.setup)