Re: Guest administrator access by Dave
Dave
Fri Sep 10 18:55:59 CDT 2004
I like your idea of creating a special account for this purpose - you can
disable or delete it as soon as the outside consultant's finished. If I
were in your situation, I would ask your boss to make it clear to the
consultant that you are the system admin, and that he/she expects your
requests and concerns to be addressed. Meet with the consultant yourself to
see what he/she plans to do, and what access he needs. Satisfy yourself
that nothing he's planning poses any kind of risk to your system, including
unintended risks. Will he document any changes, ask your permission before
changing anything, etc.?

You'll probably need to give him the same permissions as the regular
administrator account in order for him to satisfactorily evaluate
everything. I'd express your privacy concerns to the consultant and expect
him to honor them - there's no reason why he should have to read anyone's
files to do his job. You could set "deny" rights on the users' folders, but
he could take ownership and change that with the admin rights his account
probably needs.

"Martin Stepanek" <martin@image-technology.com> wrote in message
news:Ou60SVrlEHA.3104@TK2MSFTNGP14.phx.gbl...
> First of all thanks to all the helpful folk who give us
> answers. Greatly appreciated.
>
> The question I have regarding guest administrator access, is
> as follows. The company wants to have an independent
> consultant come in and do a network and security audit on
> the system as we have installed it to look for, I am
> assuming, security holes, or misconfigurations etc.
>
> I have suggested that I create a guest administrator account
> because I am uncomfortable handing out the administrator
> credentials to an outside party. As well the administrator
> doesn't need access to personal folders etc he just needs to
> look over the logs and performance monitors etc.
>
> If this were you, what permissions would you give him/her?
> Is there a way to lock down such so that they can look at
> these things without having "full" administrator rights?
>
> Any direction would be beneficial.
>
> thanks again.
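
One way to act on the two points in the reply, a temporary account that is switched off afterwards and the fact that an administrator can take ownership of folders despite "deny" entries, is sketched below. This is an added example, not part of the original thread; it assumes a current Windows system with PowerShell 5.1 or later, local accounts, and an elevated session, and the account name and both paths are hypothetical.

```powershell
# Added example; assumes Windows PowerShell 5.1+ run elevated.
# $AuditUser, $UserRoot and $Baseline are hypothetical names/paths.
$AuditUser = 'audit-consultant'
$UserRoot  = 'D:\Users'
$Baseline  = 'C:\AuditBaseline\user-folder-acls.xml'

function New-TemporaryAuditAdmin {
    param([string]$Name, [int]$Days = 5)
    $pw = Read-Host -AsSecureString "Password for $Name"
    # The account expires on its own even if nobody remembers to disable it.
    New-LocalUser -Name $Name -Password $pw -AccountExpires (Get-Date).AddDays($Days) `
        -Description 'Temporary account for external audit' | Out-Null
    Add-LocalGroupMember -Group 'Administrators' -Member $Name
}

function Get-FolderAclSnapshot {
    param([string]$Root)
    # Record owner and security descriptor (SDDL) of each user folder.
    Get-ChildItem -LiteralPath $Root -Directory | ForEach-Object {
        $acl = Get-Acl -LiteralPath $_.FullName
        [pscustomobject]@{ Path = $_.FullName; Owner = $acl.Owner; Sddl = $acl.Sddl }
    }
}

function Compare-FolderAclSnapshot {
    param($Before, $After)
    $old = @{}
    foreach ($b in $Before) { $old[$b.Path] = $b }
    foreach ($a in $After) {
        $b = $old[$a.Path]
        if (-not $b) { "NEW FOLDER     $($a.Path)" }
        elseif ($a.Owner -ne $b.Owner) { "OWNER CHANGED  $($a.Path): $($b.Owner) -> $($a.Owner)" }
        elseif ($a.Sddl -ne $b.Sddl)  { "ACL CHANGED    $($a.Path)" }
    }
}

# Before the engagement:
#   Get-FolderAclSnapshot $UserRoot | Export-Clixml $Baseline
#   New-TemporaryAuditAdmin -Name $AuditUser
# After the engagement:
#   Disable-LocalUser -Name $AuditUser
#   Compare-FolderAclSnapshot (Import-Clixml $Baseline) (Get-FolderAclSnapshot $UserRoot)
```

The comparison only shows ownership or permission changes that are still in place when the second snapshot is taken, so it complements object-access auditing rather than replacing it.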