Announcement

Collapse
No announcement yet.

Account for IT contractors

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Account for IT contractors

    Here is my situation:

    We have several locations in two states. Currently we have an out sourced IT company assisting us with all facets of daily IT life.

    Right now they have Administrative rights to everything. We want to change that. I'd like to change the Administrator password and retire the account from daily use. In doing this we'll need to create two accounts. One for us internal IT guys, there are only two of us, and one for the out sourced guys.

    What groups should I make the out sourced account a member of? I donít want to give them too much power. I was thinking Server Operators and Account operators would give them the access they need to create users and perform maintenance on servers.

    Have any of you been in this situation? If so, could you offer some advice and suggestions?

    Thank you

  • #2
    Re: Account for IT contractors

    What Server O/S are you using?
    What access do these guys need to be able to fully do their job?
    I remember with NT 4.0 Server you could put restrictions on an Administrator account and make them a sort of Junior Administrator. It stopped them from getting into places that could harm the Server, like Regedit and Regedt32. Don't know if this is available in 2003 & 2008.
    1 1 was a racehorse.
    2 2 was 1 2.
    1 1 1 1 race 1 day,
    2 2 1 1 2

    Comment


    • #3
      Re: Account for IT contractors

      There are options for delegating authority to standard user accounts and things like that. Might be a better option if you have a very small and specific set of tasks they are allowed to perform.

      I'd also recommend you and your colleague have seperate administrative accounts as well as your normal logon account. It's better practice, as then there is a clear audit trail of who has done what. As you rightly state the default Administrator account should not be used for everyday tasks.
      BSc, MCSA: Server 2008, MCSE, MCSA: Messaging, MCTS
      sigpic
      Cruachan's Blog

      Comment


      • #4
        Re: Account for IT contractors

        We have a 2003 domain. I'm wanting the contracted company to be able to add, delete, and modify users. Occassionally they'll need to restart and install software on servers

        I'm trying to setup a test domain that I can play with because right now we only have our production enviroment

        Will all the setup and configuration be done in a GPO? I have several policies now for workstation configuration/lock down but have never done anything with accounts before.

        Thanks guys

        Comment


        • #5
          Re: Account for IT contractors

          Server Operator doesn't sound like a good idea unless these guys are not too bright and if that is the case you really don't want them anyway.
          http://www.tech-archive.net/Archive/.../msg01123.html
          http://windowsitpro.com/article/arti...operators.html

          Account Operator may be an option but they are very limited in what they can do and I don't think that includes installing software. May need a GPO applied to them to allow that and Server Shutdown/Reboots.
          1 1 was a racehorse.
          2 2 was 1 2.
          1 1 1 1 race 1 day,
          2 2 1 1 2

          Comment

          Working...
          X