delegating control to local admins for windows 2000 server

Discussion in 'OT Technology' started by sunnyside, Aug 11, 2004.

  1. sunnyside

    sunnyside Guest

    ok so here is my question...

    i'm setting up the active directory infrastructure for the insurance company i work for. i've set up groups and ou's as well as numerous policies. my question is how do i delegate SPECIFIC controls to local admins without having to install administrative tools on each admin comp. i want each department head (IT, HR, Marketing...) to have resource access to their own groups, users, and any pertinent policies. i.e HR admins would have the ability to add users...now what im looking for is a GUI that is completely integrated with active directory, user friendly for my non-technical local admins, and cost effective. does microsoft provide a program already? thanks a bunch.
     
  2. Chaotic Reality

    Chaotic Reality New Member

    Joined:
    Jun 22, 2004
    Messages:
    29,052
    Likes Received:
    0
    Location:
    Phoenix, AZ
    what's wrong with just adding admistrative tools? :confused:
     
  3. sunnyside

    sunnyside Guest

    ok..i was thinking about this but i wasnt too happy about the user friendlylessness =P...my department heads are crazy computer illiterate...i wish there was a nice colorful GUI out there with big round buttons and they could push to control their users. =) thanks man
     
  4. 5Gen_Prelude

    5Gen_Prelude There might not be an "I" in the word "Team", but

    Joined:
    Mar 14, 2000
    Messages:
    14,519
    Likes Received:
    1
    Location:
    Vancouver, BC, CANADA
    If they're that computer illiterate, they shouldn't be admining.
     
  5. Scoob_13

    Scoob_13 Anything is possible, but the odds are astronomica

    Joined:
    Oct 5, 2001
    Messages:
    73,785
    Likes Received:
    38
    Location:
    Fort Worth. Hooray cowgirls.
    No offense, but don't do that - don't even give a second thought to doing that. If you want ANY sort of ability to maintain your systems easily and efficiently, never, under any circumstances, give someone that doesn't know what they're doing access to the AD MMC. They will jack up more things than you have ever thought possible, they will give people the incorrect access, and you'll never be able to keep track of what changes were made.

    Take the time to properly administrer your AD and you'll have a well oiled machine. Slack off, and you'll be screwed for eternity, and not in the fun way :wtc:
     
    Last edited: Aug 12, 2004
  6. Scoob_13

    Scoob_13 Anything is possible, but the odds are astronomica

    Joined:
    Oct 5, 2001
    Messages:
    73,785
    Likes Received:
    38
    Location:
    Fort Worth. Hooray cowgirls.
    I read:

    And thought "abort! abort!"

    And I still do :o
     
  7. sunnyside

    sunnyside Guest

    resetting passwords and unlocking workstations is hardly admining, but it is still necessary...saves IT guys time and resources...
     
  8. sunnyside

    sunnyside Guest

    AD group policies can be as specific as you want them to be...and you can have a good amount in the windows 2000 version, without overwhelming the server, with the new hierarchy system...you name the restriction and you'll be able to implement it...even more now with windows server 2003...
     
  9. Scoob_13

    Scoob_13 Anything is possible, but the odds are astronomica

    Joined:
    Oct 5, 2001
    Messages:
    73,785
    Likes Received:
    38
    Location:
    Fort Worth. Hooray cowgirls.
    I guess this is where 2 groups with different thoughts on the subject splinter off.

    I would never, ever give anyone other than a true administrator access to AD. I guess some people would give it to regular users. :dunno:

    Whatever floats your boat I suppose.
     
  10. 5Gen_Prelude

    5Gen_Prelude There might not be an "I" in the word "Team", but

    Joined:
    Mar 14, 2000
    Messages:
    14,519
    Likes Received:
    1
    Location:
    Vancouver, BC, CANADA
    Yeah, I mean it's important that you establish who the idiots are who forget passwords so you can deny them access to other parts of the network, not to mention the sucking up that it creates.
     

Share This Page