Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Password control 1

Status
Not open for further replies.
Gardener1

Gardener1

IS-IT--Management
Apr 21, 2009
54
US
We have 6 admins one per site. the problem is they are making changes to AD and other devices with out anyone knowing about it, if there change works the go to the top of the hill and shout it was me that fix the problem, if their change breaks something they do not tell anyone and act like they did nothing. How does your companies control the changes and password.

What we would like to start doing is use a change management form to be filled out by anyone needing to make changes, then we will give them the password when they are done we will change the password. what do you think?
 
Sort by date Sort by votes
Being you are using AD then you can us Group Policy and delegate permissions to the admins that only need what you give them.
 
Upvote 0 Downvote
Make sure each admin has a unique username and password. Do not allow admins to use the Administrator account. Crank up auditing. Use a 3rd party product like Netwrix Active Directory Change Reporter, and Group Policy Change Reporter. Those products are freeware and payware, the freeware doesnt tell you who did it but it will tell you what was done.




RoadKi11

"This apparent fear reaction is typical, rather than try to solve technical problems technically, policy solutions are often chosen." - Fred Cohen
 
Upvote 0 Downvote
Are you the administrator of the Parent Domain?
Then you can you can try this.

If the site admins are meant to administer specific roles, then restrict such admin to that role only - say DNSadmin etc.
Then change the Domain Administrator's password.



 
Upvote 0 Downvote
How do you guy/gals setup your IT staff. all of ours staff has domain admin.

1. we have helpdesk support (only work on computers)
2. we have site admins (now need to allow these users to change anything in AD.
 
Upvote 0 Downvote
Can you give me some hints on how to use GPO to setup the admins so that they cannot make any GPO changes?
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Mohamed-IT
  • Locked
  • Question
Windows server 2019 password locked
Replies
1
Views
145
strongm
strongm
Teo En Ming
  • Locked
  • Question
Actions taken during Disaster Recovery for client whose IBM Megaraid controller has failed
Replies
2
Views
429
fightaccording
fightaccording
penguinroundup
  • Locked
  • Question
programmatically delete all saved passwords for IE for any user
Replies
0
Views
179
penguinroundup
penguinroundup
fredmartinmaine
  • Locked
  • Question
Domain Controller without DNS Server
Replies
4
Views
528
fredmartinmaine
fredmartinmaine
TECHMAN007
  • Locked
  • Question
RD Web Password Change
Replies
0
Views
142
TECHMAN007
TECHMAN007

Part and Inventory Search

Sponsor

Back
Top