1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

local admin group management

Discussion in 'General Security' started by Lico, Jul 11, 2012.

Thread Status:
Not open for further replies.
  1. Lico

    Lico Thread Starter

    Jul 11, 2012
    Hi guys,
    I’ve a question regarding local admin group management.
    Suppose a user is responsible for managing some application installed on a server. The user doesn’t normally need to change server configuration like IP address, time settings and so (i.e. privileges).
    For Microsoft applications like SharePoint or for servers like IIS I can use the preconfigured groups. But suppose we’re talking about some third party application and I can’t know for sure what kind of access the user need.
    Maybe the user need to install something and thus require modify permission to some files also the installation may need to change some registry values and configure services.
    For example, one of the application owners in my organization needs to connect some constructor to perform some maintenance on a server. Of course I can limit his access but what if he need perform installation of software or change some registry? In any case the application owner will have to find some system administrator to connect him with the needed level of access.
    So as we can see I need to find a way to combine permissions and privileges.
    My question is what is the correct approach in this situation?

    1. Are there any best practices or guide lines for this issue? I’ve searched many forums but wasn’t able find some clear approach and best practices.
    2. Is it acceptable to give application owner or developers local admin permissions? Maybe it’s the way to go and I’m wasting my time here.
    3. What is the common way to deal with this situation? Is it acceptable to give a user local admin rights or should an IT person connect the user with elevated permissions when required?
    Any information or reference to information in this matter will be really appreciated.

  2. lunarlander


    Sep 21, 2007
    A developer would only have admni rights to a test server in a test network where he can try out his application. Then when the application is ready, he writes the procedures down and hand it over to the IT admin who handle all administration of the application on the live serer.
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1060515