I think most of security officers could be asked to deny permissions according to each IT employee task. Well, that's what I'm being asked.
What I mean is the following: we have people working at IT but we don't want everyone to have domain admin rights.
As they need to do some specific tasks and because of not delaying everydays work all IT staff was given domain admin rights.
I'd like to restrict these rights but I'm not sure if they'll be able to keep on with there activities without any problem.
I'd like to know what rights should I give them according to their task profiles:
IT Supportist 1: He needs to have rights to install any program on any network computer or laptop.
IT Supportist 2: He needs to change information at Exchange User profile.
IT Supportist 3: He needs to change information at Active Directory User profile.
Security Officer: He must have all rights available.
Network administrator: He must have all rights available but to change ISA Server rules or change Security Officer rights.
Do you know if there's a profile for each user to accomplish with this?
Thanks in advance, Marcelo
What I mean is the following: we have people working at IT but we don't want everyone to have domain admin rights.
As they need to do some specific tasks and because of not delaying everydays work all IT staff was given domain admin rights.
I'd like to restrict these rights but I'm not sure if they'll be able to keep on with there activities without any problem.
I'd like to know what rights should I give them according to their task profiles:
IT Supportist 1: He needs to have rights to install any program on any network computer or laptop.
IT Supportist 2: He needs to change information at Exchange User profile.
IT Supportist 3: He needs to change information at Active Directory User profile.
Security Officer: He must have all rights available.
Network administrator: He must have all rights available but to change ISA Server rules or change Security Officer rights.
Do you know if there's a profile for each user to accomplish with this?
Thanks in advance, Marcelo
Comment