Hey everyone! I have a new IT admin starting soon, and I need some advice on the best way to grant them access to our servers. I'm looking for a way to allow them to manage processes and provide support without giving them excessive privileges that could lead to issues. What are some best practices for setting up their access?
5 Answers
If you're managing PCs, consider creating a local admin role for them, plus a new domain admin role with restricted access to essential functions. It's a good way to balance support needs while keeping security in check.
I recommend setting up role-based access control if you haven't done that yet. It helps define what permissions each role has, ensuring your new admin only gets the access they need without overstepping.
Without knowing your specific setup, it's a bit tricky to give tailored advice, but here are some general tips: Consider deploying a new SSH key for your Linux hosts or create a separate admin account in your LDAP. It’s crucial not to mix this with their regular employee account!
Could you share more about your setup? I see you're using VMware and have users accessing through thin clients. That context can really help in providing more specific recommendations!
You could look into Privileged Identity Management with Just In Time Access. This approach would give your new admin limited, time-sensitive access for administrative tasks. For managing local accounts, deploying LAPS could be beneficial too.
Related Questions
Can't Load PhpMyadmin On After Server Update
Redirect www to non-www in Apache Conf
How To Check If Your SSL Cert Is SHA 1
Windows TrackPad Gestures