Share permissions and file permissions, they usually access both through Shared folders snapin, but I just ripped Admin rights away from them in Windows 2008 R2 systems accordingly, and they can't do it that way anymore which means retraining, they claim on their part. Its been all a mess for a while and its time to just fix the issue, and do ABE or manage the permissions ourselves, so as to keep to the standards.
Z Edward E. Ziots CISSP, Network +, Security + Network Engineer Lifespan Organization Email:[email protected] Cell:401-639-3505 From: Jonathan Link [mailto:[email protected]] Sent: Wednesday, September 01, 2010 4:45 PM To: NT System Admin Issues Subject: Re: Trying to limit my helpdesk to Power User rights, As in file permissions? On Wed, Sep 1, 2010 at 4:42 PM, Ziots, Edward <[email protected]> wrote: Yep, Looks like we are going to have to go that way, problem is they field a lot of calls about permissions and directories and not gaining access, etc etc, which is just going to now fall on the Server Engineering group, more pain... more pain, because things aren't done right in the first place. Z Edward E. Ziots CISSP, Network +, Security + Network Engineer Lifespan Organization Email:[email protected] <mailto:email%[email protected]> Cell:401-639-3505 From: Crawford, Scott [mailto:[email protected]] Sent: Wednesday, September 01, 2010 4:38 PM To: NT System Admin Issues Subject: RE: Trying to limit my helpdesk to Power User rights, I would manage the permissions myself. If you don't want them to be admins, you shouldn't be making them power users either. Power Users are Admins who have not made themselves admins yet http://blogs.technet.com/b/jesper_johansson/archive/2006/03/12/421870.as px From: Ziots, Edward [mailto:[email protected]] Sent: Wednesday, September 01, 2010 2:02 PM To: NT System Admin Issues Subject: Trying to limit my helpdesk to Power User rights, I am trying as a method of locking down my Win2k8 and below servers is removing administrative rights wherever I can to the minimal level, I have setup my helpdesk folks to be Power users on one of my Windows 2008 R2 boxes, and if they login local to the box, they can create a directory and share local on the server, using MMC etc etc, ( I tested as a domain user as a power user) but if I run the MMC Shared folders snapin as the Power User from my XP System ( I made the account full admin on the workstation) when I try and take a look at the drives, via the snapin it doesn't allow it when it's a Power user on the server, I know if I was to make the group or the test user a local administrator ( which I don't want to do, because the keep screwing up permissions right and left) then they will see the drives and create folder etc etc accordingly. Any ideas, How I can get this working with Power User only rights accordingly? Maybe using additional share on the root of the drives to get them access accordingly? Either that or take care of all the permissions myself. Z Edward E. Ziots CISSP, Network +, Security + Network Engineer Lifespan Organization Email:[email protected] <mailto:email%[email protected]> Cell:401-639-3505 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
