 | Member with 1 posts. THREAD STARTER | | | |
local admin group management Hi guys,
I’ve a question regarding local admin group management.
Suppose a user is responsible for managing some application installed on a server. The user doesn’t normally need to change server configuration like IP address, time settings and so (i.e. privileges).
For Microsoft applications like SharePoint or for servers like IIS I can use the preconfigured groups. But suppose we’re talking about some third party application and I can’t know for sure what kind of access the user need.
Maybe the user need to install something and thus require modify permission to some files also the installation may need to change some registry values and configure services.
For example, one of the application owners in my organization needs to connect some constructor to perform some maintenance on a server. Of course I can limit his access but what if he need perform installation of software or change some registry? In any case the application owner will have to find some system administrator to connect him with the needed level of access.
So as we can see I need to find a way to combine permissions and privileges.
My question is what is the correct approach in this situation?
1. Are there any best practices or guide lines for this issue? I’ve searched many forums but wasn’t able find some clear approach and best practices.
2. Is it acceptable to give application owner or developers local admin permissions? Maybe it’s the way to go and I’m wasting my time here.
3. What is the common way to deal with this situation? Is it acceptable to give a user local admin rights or should an IT person connect the user with elevated permissions when required?
Any information or reference to information in this matter will be really appreciated.
Thanks |
