In an environment where there are about 3 servers (server 1: DC with AD, DHCP and DNS; server 2: file storage; server 3: Windows SQL), all the servers are joined to the domain, so the administrator password of server 1 can open all the other servers, where there is important data and stuff. But the I.T. guys always need the administrator password to do anything on the users' PCs. So what is the right way to manage a Windows Server environment like this, or in general, how do I.T. departments work in small/midsize businesses? Sorry for my weak English and sorry if I am saying anything crazy; I am just a pro-user who got an I.T. job, and I think everything is wrong in this place and ((maybe)) I can fix it.

Ryle
  • This question should include more details and clarify the problem. – Ramhound Apr 05 '21 at 17:58
  • I am really sorry, I said that I am new to I.T. jobs. If you want a direct question, I just want to make the I.T. department work without the administrator password of the DC – Ryle Apr 05 '21 at 18:04
  • Why? There are functions an IT Administrator performs daily that can only be done with a privileged user account. Sounds like you should gain more experience before you make suggestions to your company's workflow. If you are as new as you sound, based on your description and the terms you used (specifically those you didn't use), expect your suggestions to be ignored. – Ramhound Apr 05 '21 at 18:05
  • Yeah, no doubt someone must have it. I just want to achieve that only one person or maybe two have the DC admin password, and not everyone in the I.T. department – Ryle Apr 05 '21 at 18:17
  • Why? How many administrators you require as a company entirely depends on the number of unprivileged users you have. You have not listed a good reason for wanting to change your company's current workflow. Honestly, the entire question is unclear, and has numerous grammatical errors that make it almost unreadable. – Ramhound Apr 05 '21 at 18:26
  • Well, I just didn't think that anybody would be interested in the story; I just wanted some clarifications – Ryle Apr 05 '21 at 18:29
  • So your question is "what is the right way to manage a windows server environment like this"; there isn't a single correct answer to a question like that (which is an indication the question itself is too broad). – Ramhound Apr 05 '21 at 18:32
  • Oh sorry, maybe it's my English and my lack of experience in this field. Anyway, thanks a lot, I really respect your interest and your will to help me – Ryle Apr 05 '21 at 19:00
  • You have misspelled common words (serveres, importan) that would have been picked up by your browser dictionary. In other words, the errors appear to be simple typos, not actual errors in your understanding of the English language. The clarity of your question is a harder problem to solve though. – Ramhound Apr 05 '21 at 19:47

1 Answer

Should all the I.T. employees have the administrator password of the Windows Server DC to get the job done?

No, only people responsible for the server and with authority to grant permissions should have the DC password. This should only be 2 or 3 people in case one is sick, on vacation, or otherwise not available. Even then, every person should have their OWN login and should use it exclusively so whatever they do can be audited.

Generally, domain admins use their authority to create a local admin account for IT to use. Either that, or they are given their own domain account with PC admin privileges and not domain-level permissions.

cybernard
  • Oh thanks... so the local administrator account is what they must use; it's disabled on most of the PCs!! And they are using the DC administrator account when they want to work on something :v – Ryle Apr 05 '21 at 18:54
  • @Ryle Each user should have his own AD account, so for example if you had John Doe you could have JDadmin for the username. In addition, John Doe would have an ordinary account for his regular work, say doej. However, even that account should not have full domain controller access unless it is absolutely necessary. This way everything can be audited. – cybernard Apr 05 '21 at 19:22
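
The arrangement described in the answer and its comments (a personal admin account per technician, PC-level admin rights through a group, and a short audited list of domain admins) can be scripted as below. This is an added example, not code from the question or the answer. It assumes the ActiveDirectory and LocalAccounts PowerShell modules and PowerShell remoting; the domain `example.local`, the OU, the group `Workstation-Admins`, the PC name `PC01` and the approved-admin list are hypothetical placeholders.

```powershell
# Added example: per-person admin accounts with workstation-only admin rights.
# All names below are hypothetical; adjust to your own domain.
Import-Module ActiveDirectory

$AdminOu   = 'OU=Admin Accounts,DC=example,DC=local'   # assumed OU, must already exist
$GroupName = 'Workstation-Admins'                      # assumed group name
$Staff     = @(
    @{ Given = 'John'; Surname = 'Doe'; Sam = 'JDadmin' }   # naming follows the answer's example
)

# 1. One security group that will hold every technician's admin account.
if (-not (Get-ADGroup -Filter "SamAccountName -eq '$GroupName'")) {
    New-ADGroup -Name $GroupName -SamAccountName $GroupName `
        -GroupScope Global -GroupCategory Security -Path $AdminOu `
        -Description 'Local admin on workstations only; not a domain admin group'
}

# 2. A separate, named admin account per technician (never a shared password).
$current = (Get-ADGroupMember -Identity $GroupName).SamAccountName
foreach ($p in $Staff) {
    if (-not (Get-ADUser -Filter "SamAccountName -eq '$($p.Sam)'")) {
        $pw = Read-Host -AsSecureString "Initial password for $($p.Sam)"
        New-ADUser -Name "$($p.Given) $($p.Surname) (admin)" `
            -GivenName $p.Given -Surname $p.Surname -SamAccountName $p.Sam `
            -Path $AdminOu -AccountPassword $pw `
            -ChangePasswordAtLogon $true -Enabled $true
    }
    if ($p.Sam -notin $current) {
        Add-ADGroupMember -Identity $GroupName -Members $p.Sam
    }
}

# 3. Grant the group local admin on one PC (needs PowerShell remoting on PC01).
#    For many PCs, the same membership is normally pushed by Group Policy.
Invoke-Command -ComputerName 'PC01' -ScriptBlock {
    Add-LocalGroupMember -Group 'Administrators' -Member 'EXAMPLE\Workstation-Admins'
}

# 4. Audit: list anyone in Domain Admins who is not on the approved short list.
$Approved = @('Administrator', 'SmithAadmin')          # hypothetical approved accounts
Get-ADGroupMember -Identity 'Domain Admins' -Recursive |
    Where-Object { $_.SamAccountName -notin $Approved } |
    Select-Object SamAccountName, distinguishedName
```

Step 4 returns nothing when only the approved accounts hold domain admin rights; any row it prints is an account to review.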