General discussion

Locked

Moving to a singel domain model in our o

By john.weber ·
What approach would you take in giving out administrative rights to remote site staff for servers moving into the new single domain? Remember, the local site staff used to have full priviledge but senior management wants to limit their access or ability to create NT or Exchange accounts on servers within the new domain. The local staff would have full admin rights for their local resource servers. Any suggestions would be appreciated. Thank you in advance.

This conversation is currently closed to new comments.

11 total posts (Page 1 of 2)   01 | 02   Next
| Thread display: Collapse - | Expand +

All Comments

Collapse -

Moving to a singel domain model in our o

by berniel In reply to Moving to a singel domain ...

Before I give you some advice... is it solid that you need to be contained as a Single Domain? I would suggest other options, but I would also like to know how many remote sites we are talking about, their basic functions (i.e. types of resources that need to be managed, and who will need acess to these resources), and connectivity between remote and existing Domain. When are you looking to implement? How many users, and a general idea of hardware that is running your BDC's. Also, are your BDC's currently running, or plan to be doubling as any kind of file and print server? Let me know

Collapse -

Moving to a singel domain model in our o

by john.weber In reply to Moving to a singel domain ...

The question was auto-closed by TechRepublic

Collapse -

Moving to a singel domain model in our o

by Phil MCSE/MCP+I In reply to Moving to a singel domain ...

Try looking at a product called EA Administrator. It is an addon which enhances NT adminstration which allows more control of how you assign rights and resources. Their website is "http://www.serverware.com/EA_Wresource.htm". I work in the IT department of one of the top 10 banks in the U.S. and this is what we use (and it satisfies the auditor's requirements).

Collapse -

Moving to a singel domain model in our o

by john.weber In reply to Moving to a singel domain ...

The question was auto-closed by TechRepublic

Collapse -

Moving to a singel domain model in our o

by randelia In reply to Moving to a singel domain ...

Add the remote IT staff to the Account Operators group of the new domain. Then they will be able manage NT user accounts. The only accounts they can't access are ones that are either admin or other server/print/account operators. You'll probably want them to be Print Operators too so they can deal w/ printer jams, etc.

As far as Exchange goes... I don't know.

Collapse -

Moving to a singel domain model in our o

by john.weber In reply to Moving to a singel domain ...

The question was auto-closed by TechRepublic

Collapse -

Moving to a singel domain model in our o

by Phil MCSE/MCP+I In reply to Moving to a singel domain ...

I inadvertantly posted the wrong web address before. The correct address follows:

Try looking at a product called EA Administrator. It is an addon which enhances NT adminstration which allows more control of how you assign rights and resources. Their website is "http://www.missioncritical.com".

Collapse -

Moving to a singel domain model in our o

by john.weber In reply to Moving to a singel domain ...

The question was auto-closed by TechRepublic

Collapse -

Moving to a singel domain model in our o

by rotocron In reply to Moving to a singel domain ...

There is some good information above! But basically remember if you go to a single domain, the permissions given in global groups are going to be throughout the organization. For example, if you give the remote people "Account Operators" that means they have the permissison to modify accounts not only in thier location, but others as well. And the only limitation would be that they could not touch accounts that have more permission then them, for example YOU in the "Domain Admins" group. But if you have multiple domains with one way trusts, they can have "Domain Admins" level to thier own domain and none (except specified) in your higher level site. And because of a one way trust (they trust you), you can also have full control of thier domain. If you want them to be able to control every aspect, multiple domain's with one way trust relationship's is the best way to go. If you want thier access to be limited but spread out (and again, this is controllable at the resource level), then single domain

Collapse -

Moving to a singel domain model in our o

by john.weber In reply to Moving to a singel domain ...

The question was auto-closed by TechRepublic

Back to Windows Forum
11 total posts (Page 1 of 2)   01 | 02   Next

Operating Systems Forums