Re: How to give "View" access to all my servers in my domain?

From: Roger Abell [MVP] (mvpNoSpam_at_asu.edu)
Date: 10/05/05 

Date: Tue, 4 Oct 2005 19:34:03 -0700

Hi Madjid
I can see the business case, now that you have opened my eyes
beyond this being a corp internal audit type of need.
I believe that the best you will be able to come up with is to have
some reporting that summarizes all that is of interest but that cannot
be granted without over-allocation of privilege, and there definitely
be a number of such areas.
Roger

"Madjid" <Madjid@discussions.microsoft.com> wrote in message
news:FEB2D244-A86B-464B-AD69-F1CA63836259@microsoft.com...
> Hi Roger
>
> It's not a matter of trust. The problem is that these guys' ore customers
> and they just want to have this ability to look at their own servers.
> Somehow
> I can understand their need of keeping truck of what is happening and that
> they also need this control for moving the business forward.
>
> But they do probably not want to be blamed for anything in case of, and
> that's why they don't want to be able to change anything.
>
> However, I am starting to see that this is not an easy task. But I am
> still
> interested to know if anyone else has succeeded in doing it.
>
> Regards
> Madjid
>
>
> "Roger Abell [MVP]" skrev:
>
>> and . . . after you address "DNS, WIND and DHCP" (wins ?) the
>> current issues, then you will find that they want to review the metabase
>> of IIS, the COM+ component config, AD at an AdsiEdit level, . . .
>> where will it end ??
>>
>> as for making it possible for a non-admin to log into a DC, that is no
>> problem whatsoever - just grant then the log in locally right for DCs
>> in a DC OU linked GPO, and grant RDP login
>>
>> It seems to me that the problem is not solvable, except by addressing
>> it directly and getting them to understand that they are not sufficiently
>> knowlegable to make use of the access they are demanding (or, if
>> they are, then what is the problem with trusting them?)
>>
>> "Madjid" <Madjid@discussions.microsoft.com> wrote in message
>> news:39BE8654-255E-4CB1-8912-08EEFFCD9220@microsoft.com...
>> > Hi all
>> >
>> > I need help with this one. It's a crazy one.
>> >
>> > I need to give "View" access to all my servers in my domain, to a few
>> > people.
>> > So basically, these people should be able to login to all my servers,
>> > including my domain controllers and be able to see and browse all the
>> > resources without being able to change any settings or destroy anything
>> > for
>> > me.
>> >
>> > I have done the following.
>> >
>> > - Created a domain user account called "MR.X"
>> > - Put MR.X in the local "Remote Desktop User" group
>> >
>> > By this, I accomplished giving the user logon rights and also being
>> > able
>> > to
>> > look around in most of the places, but for DNS, WIND and DHCP, I need
>> > to
>> > give
>> > the user separate access and permissions. But in this way, the user has
>> > more
>> > rights than I would like him to have.
>> >
>> > And also my biggest problem is to make this user able to log on to my
>> > domain
>> > controllers.
>> >
>> > Is this anything that MS has thought about?
>> > Is there an easy way to give people (IT managers and so on) access to
>> > look
>> > but not to touch?
>> >
>> > Any one who knows how to fix this problem?
>> >
>> > Regards
>> > Madjid
>> >
>>
>>
>>

Relevant Pages

  • Re: up to my neck
    ... The gods have made us mad wrote: ... crash are going to take years to recover, no work, business is really flat, presumably because our customers are mostly in the same boat so the business will have to go. ... Close you eyes, tightly shut. ...
    (uk.politics.misc)
  • Re: Anorak Alert
    ... The worst thing about this whole business is that the police rely on ... the general public as their eyes and ears. ... next week in Parliament I expect Charles Clark to announce a ...
    (uk.railway)
  • Re: up to my neck
    ... crash are going to take years to recover, no work, business is really flat, presumably because our customers are mostly in the same boat so the business will have to go. ... Close you eyes, tightly shut. ...
    (uk.politics.misc)
  • Re: Republican Holy War cost est.: $5-7 trillion
    ... Ethics are in the eyes of the beholder. ... war as a business and the death-for-profits motive then, by all means, ...
    (rec.gambling.poker)
  • Re: So long Raining Data. Hello TigerLogic Corporation.
    ... business. ... (rolls eyes.) ... Let's set the timer, to ...
    (comp.databases.pick)
Quantcast