customized security/rights on servers

  • 128 Views
  • Last Post 12 January 2016
vluu posted this 12 January 2016

Hi,

 

We have a request were an app support team needs to be able to start/stop windows services and install apps on their windows servers. We do not want to give them local admin rights. we running 2008 AD and all servers are win2008r2. What would be the best approach to solve this? Any advice/direction appreciated.

 

Thx

Order By: Standard | Newest | Votes
vluu posted this 12 January 2016

Apologies for multiple post


show

ZJORZ posted this 12 January 2016

If it were just managing services you could see if adjusting the service control manager permissions would help for delegation.

 

However, for installing software you need local admin permissions. You can either delegate that directly to your support team or it is delegated to an intermediate system running some service account. Then within that intermediate system

the support team is delegated the permissions to install software on the targeted system

 

Met vriendelijke groet / Kind regards,


Jorge de Almeida Pinto



E-Mail: JorgeDeAlmeidaPinto@xxxxxxxxxxxxxxxx


Tel.: +31-(0)6-26.26.62.80



(+++Sent from my mobile device +++)


(Apologies for any typos)

 

show

vluu posted this 12 January 2016

Hi Jorge 
Can you elaborate more about the intermediate system for installing apps ? How about to test such setup? Any technet article about it?
Thx


show

ZJORZ posted this 12 January 2016

System center ?

 

Met vriendelijke groet / Kind regards,


Jorge de Almeida Pinto



E-Mail: JorgeDeAlmeidaPinto@xxxxxxxxxxxxxxxx


Tel.: +31-(0)6-26.26.62.80



(+++Sent from my mobile device +++)


(Apologies for any typos)

 

show

darren posted this 12 January 2016

You might want to have a look at JEA (Just Enough Administration) implemented in PowerShell. It provides a really nice model for per-command delegation, as long as the end user is amenable to a PowerShell interface,

without exposing local admin or having to do per-service delegation of rights:

https://gallery.technet.microsoft.com/Just-Enough-Administration-6b5ad370

 

 

 

Darren

 

show

Close