I've got a new IT admin starting, and I need to set them up with access to our servers. I want to make sure they have enough permissions to manage processes and provide support without accidentally causing issues or having too much access. What's the best way to approach this?
5 Answers
What's your current setup? Without that info, I can only give general advice. For Linux hosts, I recommend deploying a new SSH key and user. For Windows, set up an additional admin account through Active Directory, but never use standard employee accounts for admin tasks.
It's best to use role-based access. If you haven’t set that up already, now’s the time! It helps streamline permissions and keeps things secure.
I’d suggest creating a local admin role for PCs and a regular domain admin role with limited permissions so they don’t have full access across the board.
Our setup is similar, mostly VMware servers running ESXi. We have users logging on through thin clients to an RDS server, with local file hosting. Just make sure to create a local admin role with limited access for the new user.
Consider using Privileged Identity Management. This allows for Just In Time Access, giving limited administrative access for a time. Plus, if you’re dealing with local admin rights, implementing LAPS can really help with security.
Related Questions
Can't Load PhpMyadmin On After Server Update
Redirect www to non-www in Apache Conf
How To Check If Your SSL Cert Is SHA 1
Windows TrackPad Gestures