Home page logo

basics logo Security Basics mailing list archives

RE: Helpdesk as local admin
From: "Patrick Wade" <wade () ll mit edu>
Date: Mon, 5 Feb 2007 11:43:40 -0500

I think the best practice would be to create a helpdesk group with stripped
down admin privileges that are finely tuned to what they require and nothing
more. So in your case only allow them to install applications and add
machines to the domain but things like account creation and modifying
policies should not be available to them.

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of WALI
Sent: Saturday, February 03, 2007 8:59 AM
To: security-basics () securityfocus com
Subject: Helpdesk as local admin

Hi Guys..

So what's the defined best practise regarding HelpDesk personnel be 
given/told local admin account names and passwords on users PC/Workstations 
in order to undertake routine fault finding and applications installation?

Help Desk techies also regularly inserts new workstations into the domain 
hence they need certain privileges to be able to make new workstations join 
the domain. What could be the most secure way given the fact that Servers 
are running Win 2k3 and client machines are a combination of WinXP and

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]