Re: How to give "View" access to all my servers in my domain?
From: Madjid (Madjid_at_discussions.microsoft.com)
Date: 10/04/05
- Next message: Robert Moir: "Re: MAC computer access windows server"
- Previous message: Ray: "MAC computer access windows server"
- In reply to: Roger Abell [MVP]: "Re: How to give "View" access to all my servers in my domain?"
- Next in thread: Roger Abell [MVP]: "Re: How to give "View" access to all my servers in my domain?"
- Reply: Roger Abell [MVP]: "Re: How to give "View" access to all my servers in my domain?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 4 Oct 2005 11:55:03 -0700
Hi Roger
It’s not a matter of trust. The problem is that these guys’ ore customers
and they just want to have this ability to look at their own servers. Somehow
I can understand their need of keeping truck of what is happening and that
they also need this control for moving the business forward.
But they do probably not want to be blamed for anything in case of, and
that’s why they don’t want to be able to change anything.
However, I am starting to see that this is not an easy task. But I am still
interested to know if anyone else has succeeded in doing it.
Regards
Madjid
"Roger Abell [MVP]" skrev:
> and . . . after you address "DNS, WIND and DHCP" (wins ?) the
> current issues, then you will find that they want to review the metabase
> of IIS, the COM+ component config, AD at an AdsiEdit level, . . .
> where will it end ??
>
> as for making it possible for a non-admin to log into a DC, that is no
> problem whatsoever - just grant then the log in locally right for DCs
> in a DC OU linked GPO, and grant RDP login
>
> It seems to me that the problem is not solvable, except by addressing
> it directly and getting them to understand that they are not sufficiently
> knowlegable to make use of the access they are demanding (or, if
> they are, then what is the problem with trusting them?)
>
> "Madjid" <Madjid@discussions.microsoft.com> wrote in message
> news:39BE8654-255E-4CB1-8912-08EEFFCD9220@microsoft.com...
> > Hi all
> >
> > I need help with this one. It's a crazy one.
> >
> > I need to give "View" access to all my servers in my domain, to a few
> > people.
> > So basically, these people should be able to login to all my servers,
> > including my domain controllers and be able to see and browse all the
> > resources without being able to change any settings or destroy anything
> > for
> > me.
> >
> > I have done the following.
> >
> > - Created a domain user account called "MR.X"
> > - Put MR.X in the local "Remote Desktop User" group
> >
> > By this, I accomplished giving the user logon rights and also being able
> > to
> > look around in most of the places, but for DNS, WIND and DHCP, I need to
> > give
> > the user separate access and permissions. But in this way, the user has
> > more
> > rights than I would like him to have.
> >
> > And also my biggest problem is to make this user able to log on to my
> > domain
> > controllers.
> >
> > Is this anything that MS has thought about?
> > Is there an easy way to give people (IT managers and so on) access to look
> > but not to touch?
> >
> > Any one who knows how to fix this problem?
> >
> > Regards
> > Madjid
> >
>
>
>
- Next message: Robert Moir: "Re: MAC computer access windows server"
- Previous message: Ray: "MAC computer access windows server"
- In reply to: Roger Abell [MVP]: "Re: How to give "View" access to all my servers in my domain?"
- Next in thread: Roger Abell [MVP]: "Re: How to give "View" access to all my servers in my domain?"
- Reply: Roger Abell [MVP]: "Re: How to give "View" access to all my servers in my domain?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
