General Chat Thread, What access to give a long term, mature, work experience user? in General; We are having a work experience student join us for a few weeks and wondered what level of access I ...
29th April 2010, 11:21 AM #1
What access to give a long term, mature, work experience user?
We are having a work experience student join us for a few weeks and wondered what level of access I should give them to the system?
They will be carrying out general IT duties and trying to gain exeprience from the whole experience towards her degree.
Has anyone had a similar dilema?
29th April 2010, 11:24 AM #2
i have a lad in for two half days a week and am not keen on giving the same access as me. but in real life i end up logging him on as me or giving him my pw as some of the jobs i give him require that amount off access
Originally Posted by reggiep
29th April 2010, 11:27 AM #3
You should know you should never give your own password out. If they require the same level of access then provide it on their account, at least then anything will be logged to their account not yours!!
Originally Posted by gibbo_ap
Local admin and access to areas where you have your tech utils and software installed?
29th April 2010, 11:35 AM #4
I would give local administrative permissions to PC's, access to any files shared necessary but no access to servers.
29th April 2010, 11:54 AM #5
Or start with a a pretty basic account and add rights as tasks require them, temporarily if necessary.
29th April 2010, 01:23 PM #6
Delegate necessary permissions over appropriate OUs - i.e nothing mission-critical, no servers (to start with).
Have you agreed what the work experience will cover before they arrive or is there a good chance of them being a toner monkey for most of it?
29th April 2010, 01:48 PM #7
Hopefully not just a toner monkey!
Originally Posted by pete
30th April 2010, 10:09 AM #8
tbh my account is a standard user account i have a second account that has full sysadmin access. the password is that complex that i end up logging him on then letting him carry on
Originally Posted by penfold
1st May 2010, 01:25 AM #9
Give him a standard account (e.g. JoeBloggs) . If he needs anything more than that then create a second (AdmJoeBloggs) account and grant it the minimum permissions you can get away with. Have him log on using the standard account and then use the AdmXXX account to remote log on to servers or to 'RunAs' tools like AD Users & Computers or MMC and so forth.
1st May 2010, 02:23 AM #10
I used custom taskpad views of MMCs (such as AD) with delegated controls. This meant all the user could view was the locked down MMC which contained the Student OUs only, and the functions that I created an icon for (unlock, reset password)
Even if this user did open his own MMC to try and access the whole of AD, by also delegating control he couldn't do anything.
Give the user a separate logon script, and map the shares needed for the job (general apps, documentation area) and then restrict everything else down.
If you have apps that can only be run on a server (say Print Credits), create them an account which when it connects to a TS session it launches your print management application, restrict the account to run just this application.
For local admin we already have a group "Student Admin Group" which is automatically added to all domain machines local admin group. This is for the awful software that requires local admin access (ALAN testing and Alice come to mind), add the user into your equivalent if you have one so the user has local admin access to your workstations. That was fun trying to figure out after we removed Ranger!
The key point I've found is to try and make it look as though you are trying to be helpful, and give the user easy access to everything they require, instead of making it appear like you are protecting the network and locking them out. Perception!
Last edited by Trapper; 1st May 2010 at 02:25 AM.
By shafia2009 in forum Other Stuff
Last Post: 20th December 2009, 06:18 PM
By chrbb in forum School ICT Policies
Last Post: 27th November 2009, 09:47 PM
Last Post: 17th November 2009, 09:48 AM
By Ben_Stanton in forum How do you do....it?
Last Post: 2nd April 2009, 03:58 PM
By shafia2009 in forum General Chat
Last Post: 5th February 2009, 03:02 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)