Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Server Admin Rights

Status
Not open for further replies.
kineticnrgynx

kineticnrgynx

IS-IT--Management
Mar 24, 2003
17
0
0
US
We have contract workers comming in to do some work on a couple of our servers. (Neither of those servers are DC's) I am wanting them to be able to login and be able to administrate ONLY those machines while they are here. Since servers don't really have a local set of users/permissions, I'm planning on doing this all through AD. I've created the user account with admin rights and have restricted the "logon to" rights to just those two servers. This will keep them out of the other servers locally, but I really don't want them to have admin rights and be able to see everything on the network. I was thinking of creating another group they could be a member of, and setting all the other servers on the network to deny for that group. This would keep them out of everything else.

I am wanting them to be able to access all the files on JUST those two machines, and administrate them... But I don't want to have to babysit them at all times.

This is my solution.... But, does anyone have a better solution, or more secure/efficient solution?
 
Sort by date Sort by votes
If the servers are not DC's then you can assign them Power User rights to the servers. Only create unique local logons for them on the two comps and have them logon locally. That prevents them access to your network, and only allows them access to local files. Hewissa

MCSE, CCNA, CIW
 
Upvote 0 Downvote
You can't create local users on servers can you? I was looking and cannot find that.
 
Upvote 0 Downvote
Oops, forgot, I can add local users in "Manage" on my server.

 
Upvote 0 Downvote
When I had a similar situation here I used the second group option and denied access through ntfs on any share that I did not want them to have access to.
 
Upvote 0 Downvote
Thanks guys and gals for all your help... I figured it out at the last minute on my own. I assigned local users to the two specified servers using the management console, and assigned them both the same username and pw. That way I could go to either machine, log in and easily browse both machines without having to use extra usernames and pw's since the two match on both machines windows doesn't even prompt for one.

 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

MaioMaio
  • Question
Server Remote Desktop License
Replies
0
Views
104
MaioMaio
MaioMaio
Aquiles Vidal
  • Locked
  • Question
Web Browsers in Windows Server or Terminal Server
Replies
0
Views
119
Aquiles Vidal
Aquiles Vidal
rzammit82
  • Locked
  • Question
Windows Server 2016 - DNS/AD problem
Replies
1
Views
144
suncit
suncit
MattM1975
  • Locked
  • Question
Domain Admin Logon 1
Replies
2
Views
80
ADB100
ADB100
antonio_dsanchez
  • Locked
  • Question
post-installation WSUS windows server 2016
Replies
0
Views
101
antonio_dsanchez
antonio_dsanchez

Part and Inventory Search

Sponsor

Back
Top