General Chat Thread, What access to give a long term, mature, work experience user? in General; We are having a work experience student join us for a few weeks and wondered what level of access I ...
  1. #1
    reggiep's Avatar

    What access to give a long term, mature, work experience user?

    We are having a work experience student join us for a few weeks and wondered what level of access I should give them to the system?
    They will be carrying out general IT duties and trying to gain experience from the whole experience towards her degree.
    Has anyone had a similar dilemma?

    thanks

  2. #2
    gibbo_ap's Avatar
    Originally Posted by reggiep:
        We are having a work experience student join us for a few weeks and wondered what level of access I should give them to the system?
        They will be carrying out general IT duties and trying to gain experience from the whole experience towards her degree.
        Has anyone had a similar dilemma?

        thanks

    I have a lad in for two half days a week and am not keen on giving the same access as me, but in real life I end up logging him on as me or giving him my pw, as some of the jobs I give him require that amount of access.

  3. #3


    Originally Posted by gibbo_ap:
        I have a lad in for two half days a week and am not keen on giving the same access as me, but in real life I end up logging him on as me or giving him my pw, as some of the jobs I give him require that amount of access.

    You should know you should never give your own password out. If they require the same level of access then provide it on their account; at least then anything will be logged to their account, not yours!!

    Local admin and access to areas where you have your tech utils and software installed?

  4. #4

    I would give local administrative permissions to PCs, access to any files shared necessary but no access to servers.

  5. #5
    SteveBentley's Avatar
    Or start with a pretty basic account and add rights as tasks require them, temporarily if necessary.

  6. #6


    Delegate necessary permissions over appropriate OUs - i.e. nothing mission-critical, no servers (to start with).

    Have you agreed what the work experience will cover before they arrive or is there a good chance of them being a toner monkey for most of it?

  7. #7
    reggiep's Avatar
    Originally Posted by pete:
        Delegate necessary permissions over appropriate OUs - i.e. nothing mission-critical, no servers (to start with).

        Have you agreed what the work experience will cover before they arrive or is there a good chance of them being a toner monkey for most of it?

    Hopefully not just a toner monkey!

  8. #8
    gibbo_ap's Avatar
    Originally Posted by penfold:
        You should know you should never give your own password out. If they require the same level of access then provide it on their account; at least then anything will be logged to their account, not yours!!

        Local admin and access to areas where you have your tech utils and software installed?

    Tbh, my account is a standard user account; I have a second account that has full sysadmin access. The password is that complex that I end up logging him on then letting him carry on.

  9. #9
    ajbritton's Avatar
    Give him a standard account (e.g. JoeBloggs). If he needs anything more than that then create a second (AdmJoeBloggs) account and grant it the minimum permissions you can get away with. Have him log on using the standard account and then use the AdmXXX account to remote log on to servers or to 'RunAs' tools like AD Users & Computers or MMC and so forth.

  10. #10
    Trapper's Avatar
    I used custom taskpad views of MMCs (such as AD) with delegated controls. This meant all the user could view was the locked down MMC which contained the Student OUs only, and the functions that I created an icon for (unlock, reset password).

    Even if this user did open his own MMC to try and access the whole of AD, by also delegating control he couldn't do anything.

    Give the user a separate logon script, and map the shares needed for the job (general apps, documentation area) and then restrict everything else down.

    If you have apps that can only be run on a server (say Print Credits), create them an account which when it connects to a TS session it launches your print management application, restrict the account to run just this application.

    For local admin we already have a group "Student Admin Group" which is automatically added to all domain machines local admin group. This is for the awful software that requires local admin access (ALAN testing and Alice come to mind), add the user into your equivalent if you have one so the user has local admin access to your workstations. That was fun trying to figure out after we removed Ranger!

    The key point I've found is to try and make it look as though you are trying to be helpful, and give the user easy access to everything they require, instead of making it appear like you are protecting the network and locking them out. Perception!
    Last edited by Trapper; 1st May 2010 at 01:25 AM.

  11. Thanks to Trapper from:

    reggiep (4th May 2010)
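
An added example, not code from any poster in this thread: one way to script the approach described in posts #9 and #10, with a standard account plus a separate Adm account, and only reset-password and unlock delegated over a Students OU. The domain, OU, group and account names are hypothetical, and the 28-day account expiry is an assumption based on "a few weeks".

```powershell
# Added example. Domain, OUs, group and account names are hypothetical placeholders.
Import-Module ActiveDirectory

$domainDn  = 'DC=example,DC=local'
$netbios   = 'EXAMPLE'
$studentOu = "OU=Students,$domainDn"     # the only OU the helper may manage
$staffOu   = "OU=ITStaff,$domainDn"      # where the helper's own accounts live
$group     = 'WorkExp-Helpdesk'
$expires   = (Get-Date).AddDays(28)      # assumed placement length

# Delegate to a group, not to the person: removing membership removes the rights.
New-ADGroup -Name $group -GroupScope Global -GroupCategory Security -Path $staffOu

# Standard account for daily use and a separate Adm account for RunAs / remote
# tools. Both expire with the placement so nothing is left behind afterwards.
foreach ($sam in 'JoeBloggs', 'AdmJoeBloggs') {
    New-ADUser -Name $sam -SamAccountName $sam -Path $staffOu `
        -AccountPassword (Read-Host "Initial password for $sam" -AsSecureString) `
        -ChangePasswordAtLogon $true -AccountExpirationDate $expires -Enabled $true
}

# Only the Adm account carries the delegated rights.
Add-ADGroupMember -Identity $group -Members 'AdmJoeBloggs'

# Grant exactly the two functions on user objects below the Students OU.
# /I:S applies the entry to child objects only, not to the OU itself.
$trustee = "$netbios\$group"
dsacls $studentOu /I:S /G "${trustee}:CA;Reset Password;user"   # reset password
dsacls $studentOu /I:S /G "${trustee}:RPWP;lockoutTime;user"    # unlock account

# Check: list every entry the group holds on the OU. Anything beyond the two
# grants above means the delegation has drifted and should be reviewed.
(Get-Acl "AD:\$studentOu").Access |
    Where-Object { $_.IdentityReference.Value -eq $trustee } |
    Select-Object ActiveDirectoryRights, ObjectType, InheritedObjectType, InheritanceType
```

Because the Adm account has its own password, nobody needs to log the helper on with a staff credential, and every reset or unlock is logged against AdmJoeBloggs.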
