Security Basics mailing list archives
RE: Helpdesk as local admin
From: "Patrick Wade" <wade () ll mit edu>
Date: Mon, 5 Feb 2007 11:43:40 -0500
I think the best practice would be to create a helpdesk group with stripped down admin privileges that are finely tuned to what they require and nothing more. So in your case only allow them to install applications and add machines to the domain but things like account creation and modifying policies should not be available to them. -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of WALI Sent: Saturday, February 03, 2007 8:59 AM To: security-basics () securityfocus com Subject: Helpdesk as local admin Hi Guys.. So what's the defined best practise regarding HelpDesk personnel be given/told local admin account names and passwords on users PC/Workstations in order to undertake routine fault finding and applications installation? Help Desk techies also regularly inserts new workstations into the domain hence they need certain privileges to be able to make new workstations join the domain. What could be the most secure way given the fact that Servers are running Win 2k3 and client machines are a combination of WinXP and Win2k.
Current thread:
- Helpdesk as local admin WALI (Feb 05)
- RE: Helpdesk as local admin Scott Ramsdell (Feb 05)
- Re: Helpdesk as local admin gjgowey (Feb 05)
- RE: Helpdesk as local admin Patrick Wade (Feb 05)
- <Possible follow-ups>
- Re: Helpdesk as local admin Henry Troup (Feb 05)
- Re: Helpdesk as local admin htroup (Feb 05)
- RE: Helpdesk as local admin Rolf Huisman (Feb 07)
- RE: Helpdesk as local admin Henry Troup (Feb 07)
- Re: FW: Helpdesk as local admin kevin fielder (Feb 07)