I have a DBA and some developers that believe my Network Admin is too restrictive in what privilges he allows them to have on our NT/2000 domain.
He doesn’t allow them to stop or start processes or view event logs on the servers. He also doesn’t allow them to login locally on servers. I don’t think he’s out of line, but am not positive and need some outside information to help make a case either way.
Does anyone have any good articles, or experiences that they would like to share that will help in this debate?