Question : Help Desk Permissions

I would like to implement the principle of least privilege for my help desk users. I have a group created in Active Directory that adds the help desk group to the local Administrators group on the local computers in my organization by using Restricted Groups. However, I find that this gives them more permissions than I want. For example, I don't want them to be able to change the local administrator account or modify the password. However, I would like for them to perform most Power Users tasks plus occasional disk defrag and other maintenance tasks.

What is the industry standard for help desk users? I would like to get some opionions to see if I am doing it correctly or if there is a better way. Thanks in advance

Answer : Help Desk Permissions

Well first thing first - i would always have your staff use two accounts. One normal user and one for admin purposes. This will help keep them safe when doing normal everyday tasks on their desktops.

The way to give helpdesk users access, there are numerous ideas on this. In your case a seperate power user for each hepdesk person would most likely suit. Make sure the use only accesses the desktops not the servers.

If they need server access, less is more, only give them access to the servers they need and not to all servers. This will mean less chance of accidents. As staff develop you can use this model to increase their access as their skill grow.

Cheers
Stu

Random Solutions

Where do the live scoring results on Google come from?

Connect to a friends pc.

Query syntax with inner join

strange help file behavious

ActiveX & Java apps suddenly not working in IE7! Also, Media Player won't run.

ASA5505 vpn clients can't talk to inside hosts

Cannot get Windows to operate on multiple files with right click context menu.

Stalling problem with Outlook 2003 and ACT

Database synchronization between MySQL and AS400