Issues when ADMIN has limited rights?

DanMc

MIS
Sep 15, 2000
95
US
I have seen many people discussing how to delegate rights to sub-admins and such. However, our chief admin has chosen to limit *THE* admin account's rights. He has removed write rights to the root of the tree, and now uses his user object (a trustee of the tree) to do everything. Is this dangerous? Specifically, don't the servers access each other via the admin account? When we added the servers to the tree, we of course used the admin account. If the admin account's rights are limited, is the tree health at risk? A more general question would be, when servers talk, do they ever talk as admin? Or is the fact that they are already members of the tree enough?

We departmental admins have been seeing a number of NDS corruption issues. (tree disappearing from one of the servers, changes to objects sometimes revert) The problems are too infrequent to say for sure that they are caused by admin reduced rights. We still do a lot of stuff on the dept branches of the tree as admin and it generally works fine.
 
First, NDS is flexible enough that you can actually delete the ADMIN user and still have a perfectly functioning tree as long as you have an account with appropriate Trustee rights to the tree. No, the servers do not use ADMIN to write data to NDS. It is a kernel function of the OS that allows the servers to communicate with each other and NDS. When you are adding servers to the tree you should use an account that has WRITE privileges. This is especially true if you need to perform a schema extension!

THIS DOES NOT MEAN THAT MODIFYING THE ADMIN RIGHTS IS A GOOD THING!!! You are better off changing the password or moving the user to a container to enhance security. There is no hard and fast rule about this but Novell will seriously discourage changing ADMIN rights.

About NDS corruption problems, there are utilities that you can get that will track NDS changes. This will allow you to see a change take place and track what function/user/process forces the change to revert. There could be many reasons for tree corruption including the version of NWADMIN you are using. It is a very good idea to perform an NDS Health check on a scheduled basis. There is a Novell TID about this.
 