Mobile User - Temporary Admin Rights



 
 
  #1  
Old December 10th 09, 04:16 PM posted to microsoft.public.windowsxp.security_admin
Paul Worsnop
external usenet poster
 
Posts: 5
Default Mobile User - Temporary Admin Rights

We have a user who regularly travels and sometimes requires the ability to
install software when away from the office.

He, as is everyone else except the I.T dept, is a normal domain user with no
administrator rights.

Is there any way he can have administrator rights while he is away and not
directly logged onto the domain? We only want these administrator rights
allowed while he is away and not when he returns and actually connects to and
logs onto our domain.

Bear in mind he will still be logging onto the domain (Without actually
connecting to it) when away as he has offline files enabled. EG Log on to:
"DOMAIN NAME" and not "LOCAL COMPUTER".

Thank you.


  #2  
Old December 10th 09, 04:43 PM posted to microsoft.public.windowsxp.security_admin
Shenan Stanley
external usenet poster
 
Posts: 10,523
Default Mobile User - Temporary Admin Rights

Paul Worsnop wrote:
We have a user who regularly travels and sometimes requires the
ability to install software when away from the office.

He, as is everyone else except the I.T dept, is a normal domain
user with no administrator rights.

Is there any way he can have administrator rights while he is away
and not directly logged onto the domain? We only want these
administrator rights allowed while he is away and not when he
returns and actually connects to and logs onto our domain.

Bear in mind he will still be logging onto the domain (Without
actually connecting to it) when away as he has offline files
enabled. EG Log on to: "DOMAIN NAME" and not "LOCAL COMPUTER".


You could create an account (local) for him to use just to install stuff -
but I think the better solution is for him to contact you when he needs to
install something, you remotely install it. That way - you don't have a
user with administrative rights randomly installing stuff on a computer they
do not own and do not do the troubleshooting for.

Above and beyond the risks of giving a regular user of a company owned
computer admin rights is the learning curve of having the user either do a
'run as' or risk of him not being able to log back into the domain account
after logging in locally if he logs off.

You remotely installing is a much better/workable solution.

--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html


  #3  
Old February 4th 10, 04:27 PM posted to microsoft.public.windowsxp.security_admin
Buzby
external usenet poster
 
Posts: 1
Default Mobile User - Temporary Admin Rights

I am looking for a similar solution.

The problem with the solution mentioned below is it does not scale.

Ideal solution would be
Step 1: User runs into issue that requires local admin access
Step 2: User contacts support with valid reason for admin access
Step 3: Support provides a temporary "key" to allow for admin level access
for x amount of time
Step 4: User enters key, gets access
Step 5: Access goes away after X amount of time

Any ideas????

- Chris

"Paul Worsnop" wrote:

We have a user who regularly travels and sometimes requires the ability to
install software when away from the office.

He, as is everyone else except the I.T dept, is a normal domain user with no
administrator rights.

Is there any way he can have administrator rights while he is away and not
directly logged onto the domain? We only want these administrator rights
allowed while he is away and not when he returns and actually connects to and
logs onto our domain.

Bear in mind he will still be logging onto the domain (Without actually
connecting to it) when away as he has offline files enabled. EG Log on to:
"DOMAIN NAME" and not "LOCAL COMPUTER".

Thank you.


  #4  
Old February 5th 10, 12:46 AM posted to microsoft.public.windowsxp.security_admin
Shenan Stanley
external usenet poster
 
Posts: 10,523
Default Mobile User - Temporary Admin Rights

Buzby wrote:
I am looking for a similar solution.

The problem with the solution mentioned below is it does not scale.

Ideal solution would be
Step 1: User runs into issue that requires local admin access
Step 2: User contacts support with valid reason for admin access
Step 3: Support provides a temporary "key" to allow for admin level
access for x amount of time
Step 4: User enters key, gets access
Step 5: Access goes away after X amount of time

Any ideas????


MakeMeAdmin modification?

Truthfully though - I wouldn't make a user administrator without true admin
supervision - so remote interaction has been my solution - with me or
co-workers doing the request.

--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html
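
Added example, not part of any post in this thread: a Python sketch of the key handling in steps 3 and 4 of the flow Buzby describes, where support issues an HMAC-signed key bound to one laptop, one account and an expiry time, and the laptop verifies it without contacting the domain. The shared secret, the host and user names and the function names are assumptions made for the illustration; adding and removing the local group membership (steps 4 and 5) is left to the caller.

```python
import base64
import hashlib
import hmac
import struct

TAG_LEN = 11  # 4-byte expiry + 11-byte tag = 15 bytes = 24 base32 chars, no padding


def _tag(secret, expiry, host, user):
    # Bind the key to one machine and one account so it cannot be reused elsewhere.
    scope = f"{host}|{user}".lower().encode()
    return hmac.new(secret, expiry + scope, hashlib.sha256).digest()[:TAG_LEN]


def issue_key(secret, host, user, now, minutes):
    """Support side (step 3): key granting admin until now + minutes."""
    expiry = struct.pack(">I", now + minutes * 60)
    return base64.b32encode(expiry + _tag(secret, expiry, host, user)).decode()


def check_key(secret, host, user, key, now, used):
    """Laptop side (step 4): return the expiry time, or None if rejected.

    `used` is the set of keys already redeemed (persist it in real use).
    """
    key = key.strip().upper()
    try:
        raw = base64.b32decode(key)
    except ValueError:  # wrong length, padding or alphabet
        return None
    if len(raw) != 4 + TAG_LEN or key in used:
        return None
    expiry, tag = raw[:4], raw[4:]
    # Constant-time comparison; any change to the expiry bytes breaks the tag.
    if not hmac.compare_digest(tag, _tag(secret, expiry, host, user)):
        return None
    deadline = struct.unpack(">I", expiry)[0]
    if now >= deadline:
        return None
    used.add(key)  # one redemption per key
    return deadline


# Constructed sample values, not taken from the thread.
SECRET = b"per-laptop secret provisioned by IT"
T0 = 1265299200  # 2010-02-04 16:00:00 UTC
```

The returned deadline is when a job running as SYSTEM should remove the account from the local Administrators group (step 5). An account that has held admin rights can read the stored secret and change the clock, so the secret should be rotated after every grant.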


 




All times are GMT +1.