Skip to content

Server admin/security policy

Featured Replies

another one for all you sys admins/it bods..

what kind of policy/practices do you have in place for your servers?

eg do you grant admin rights to the people who look after the box to that box only, or just use the administrator logon?

reason im asking is that weve got to do a review of who has access to what in the company.. theres a handful of people (non IT included) who know the admin password, which is pretty much the same for all servers in the company.

So im thinking main domain-admin passwords gets changed and users get local admin access on the servers they need? so any changes are done under their name and therefore are traceable.

:confused:

We have a different admin password for all the boxes. If a user needs admin rights we just give them local admin. Only me and my line manager know the domain admin password..

  • Author
We have a different admin password for all the boxes. If a user needs admin rights we just give them local admin. Only me and my line manager know the domain admin password..

care to share? :rofl::D

We made it easier on the IT guys here by having our own domain for the purpose of offloading work from the IT dept/having fast independant turnaround of test servers that must be on a domain to function.

We tend to have local admin rights when on the main domain, apart from on 'servers' such as email/file/etc. On those it's more restricted based on the level of access required to do the job.

On our own domain I have full domain admin rights on one account, but the one I normally use only has local admin rights again.

I would always recommend keeping the main admin for the domain very restricted knowledge, and provide access to that only if strictly necessary for the job. If a server is critical to person A but person B doesn't use it, then there is no reason for person B to have admin rights to the box. The main IT admin must have access to all boxes although it all depends on how you run the business.

In a previous company I gained admin rights for the whole domain due to knowing more about the network than the IT staff, in this company it's based on what is reasonable & justifyable access.

Domain admins have their own accounts giving full control on all domain servers (as well as workstations). Each individual server has a secondary password allowing access to that server only, to allow things like backups and software updates to be done by secretarial staff in the event of no admininstrators being in the office. Not ideal, but without full-time IT support on-site (my sys admin job is secondary to my 'proper' job and takes a backseat when other stuff's going on), it's the best we've been able to come up with. :o

Plus we're backed-up from here to eternity, so barring simultaneous arson attacks on all of our offices (or anything similarly catastrophic), there isn't anything that can't be undone in a few hours.

(He says, crossing every possible appendage!!! :nervous: )

care to share? :rofl::D

Sure its t****$* :D

Create an account or sign in to comment

Recently Browsing 0

  • No registered users viewing this page.

Important Information

Welcome to BRISKODA. Please note the following important links Terms of Use. We have a comprehensive Privacy Policy. We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.

Account

Navigation

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.