kineticnrgynx
IS-IT--Management
We have contract workers comming in to do some work on a couple of our servers. (Neither of those servers are DC's) I am wanting them to be able to login and be able to administrate ONLY those machines while they are here. Since servers don't really have a local set of users/permissions, I'm planning on doing this all through AD. I've created the user account with admin rights and have restricted the "logon to" rights to just those two servers. This will keep them out of the other servers locally, but I really don't want them to have admin rights and be able to see everything on the network. I was thinking of creating another group they could be a member of, and setting all the other servers on the network to deny for that group. This would keep them out of everything else.
I am wanting them to be able to access all the files on JUST those two machines, and administrate them... But I don't want to have to babysit them at all times.
This is my solution.... But, does anyone have a better solution, or more secure/efficient solution?
I am wanting them to be able to access all the files on JUST those two machines, and administrate them... But I don't want to have to babysit them at all times.
This is my solution.... But, does anyone have a better solution, or more secure/efficient solution?