Windows Server 2000/2003 Thread: Can anyone please suggest account permissions for an Apprentice Technician? (in Technical)
  1. #1

    Can anyone please suggest account permissions for an Apprentice Technician?

    Can anyone please suggest AD account permissions for an apprentice technician we have starting?

    Sorry if this appears lazy, but as I'm sure many of you have been through this before. Previously there has only been an experienced technician and a network manager, we have just been full "domain administrators"....

    Obviously I know it depends on what roles we wish them to be able to do, but could anyone please suggest what set-up they may have for their trainee technicians? I do not want our computer/user accounts deleted whilst he is learning!

    Thanks in advance

  2. #2

    Just give him access to reset passwords for the start? And then as you train him/gain his trust, alter the permissions to suit the jobs he needs to do.

  3. #3

    Posted by glennda
    Quote, originally posted by ihaveaproblem:
        Just give him access to reset passwords for the start? And then as you train him/gain his trust, alter the permissions to suit the jobs he needs to do.

    As mentioned here - I set up like a normal staff account - so had perms to reset password but then removed him from the OU so no GPOs applied. Added locally to the admins group of his PC, therefore he can tinker etc. on that - if it breaks, FOG it!

  4. #4

    Thanks,
    Students reset their own passwords and if they can't manage it themselves staff do it for them. We use "Self Service Password Reset", which is a great EduGeek project.

    I will set him up as glennda suggested and maybe have a read of the 114 page, "Best Practice Guide for Securing Active Directory Installations.doc" tomorrow!!
    I did start to read about setting up "service administrator" accounts and thought that someone might have already done this and have a great set for a beginner.
    Thanks again

  5. #5

    Quote, originally posted by glennda:
        added locally to the admins group of his pc

    We have a very strange problem that has been around since we created the domain: if anyone is added as a local admin to any computer at any point, then roaming profiles just stop working on any other future computers for them until their AD account is recreated. I have no idea why and there are no errors, the replication back to the server just doesn't happen! Luckily now, as the bursars use SAP, we don't have anyone in the school that needs to be a local administrator or power user!

    Thanks for replies

  6. #6

    Posted by plexer
    To be honest with something like this I think it's best to start them off doing the basic tasks, toner/paper stuffing, maybe building/repairing some hardware faults on machines.

    If you want to expose them to AD etc., let them observe, and to give them some hands-on experience of that give them some VMs in a domain configuration to play with.

    Ben

  7. #7

    Thanks Ben,
    I guess I am jumping the gun a little. I forget we will have to be first showing him how to clean projector filters and change toners first. But we only have him for a year and I really don't want him to leave us after 12 months without the learned skills to get a great tech job somewhere instead of being, as some teachers would call him, a "Toner Monkey".
    Oh well nothing like planning in advance!

  8. #8

    Posted by FN-GM
    Personally I think he will be ok with local admin rights, password resets & the ability to join machines to the domain.

  9. #9

    Posted by plexer
    Maybe plan backwards and set some goals/milestones for him to work towards.

    Ben

  10. #10
    Posted by dgsmith
    I think it's rather demeaning to give any less than a basic administrative access level.

    When I first started, I had little experience in this field (a few months from previous place) but was given full admin access (or maybe it's because I was on my own half the week for the first year so had no choice but to need it and to pick things up very quickly!)

    I'd have felt a little miffed to say the least if I'd come into a job enthusiastic and to learn but was held back and limited to, as I quote above, "toner/paper stuffing, maybe building/repairing some hardware faults on machines". The irony is that after all these years, most of my time is now spent faffing with PC components and fiddling/sorting out printers!!

    Sure, work experience students (under 17) or someone who is only going to be there for a very short time should be given the bare minimum (if they're there just to test the water in terms of is that what they want to do), but someone who is starting as a full-time job and intends on their duration being long term I think should have some form of administrative access.

    You'll find you'll learn a lot more about them quicker depending on how they treat such access and respect trust from yourself/other techies; indeed, offer the suggestion that you're willing to trust them as an adult who won't take it as an opportunity to cause havoc and accept a lot of things they'll need to be patient with regards to the learning curve. Should a disaster caused by lack of maturity or worrying impatience happen, of course, you should have a decent enough backup system in place and pending how bad such "havoc" was caused, be able to ensure they find all the correct "one-way" doors.

    On a more serious note, unless they're a kid or has zero experience and/or shown zero enthusiasm, any less than a basic admin account is an insult.
    Last edited by dgsmith; 8th February 2012 at 09:57 PM.

  12. #11

    Posted by plexer
    Totally disagree and as I said plan the work to lead to bringing them up to a suitable standard.

    Saying that someone should be given the keys to the kingdom from day one is reckless and irresponsible.

    There will be no need to "recover from havoc" as it will not happen if done in the right way.

    Depending on the person's aptitude then the program may be accelerated.

    Ben

  13. #12
    Posted by dgsmith
    @plexer: You may disagree and maybe you're right in your own way, but I can only speak from (positive) experience at my current and previous workplace (where I was also given full access). The "havoc" statement was meant tongue in cheek, but mainly to reiterate that as professionals we always ensure everything is backed up and thus most undesirable actions can never usually be indefinitely destructive.

    Note though I only noted "basic admin access" and didn't suggest everyone, under every circumstance, should be given rights to the whole lot. My circumstances were different (as I briefly explained) and thus would have been very difficult to have anything other than full, but I guess it depends on the circumstances and how you perceive an individual on the initial impressions or indeed your own preferences.

    To answer burgemaster directly though: "I do not want our computer/user accounts deleted whilst he is learning!" - either action is a conscious action and equally can be mistakenly done whether you're learning or working from years of experience.

  14. #13

    Posted by plexer
    I would also add that they should be taught to use least access rights required to achieve their tasks.

    @GREED has dealt with a lot of apprentices

    Ben

  15. #14

    Posted by GREED
    Thanks @plexer

    To let you know I used to mentor and assess IT apprentices, apprentice IT Technicians etc so I would be happy to share my experiences etc (tomorrow, it is far too late for such a potentially mammoth post!) But let me know if interested and what you might like to know and I can give you everything I have. What quals they doing as well?

    To give you a starting point though, think back to when you started with IT and what help you would have liked, so give that back!!

  16. #15
    Posted by rad
    Set up his account so he can only log onto X number of machines at one time. Ours started as just 2, office pc and one other.
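
One way to set up the limited account several posters describe (password resets, joining machines, a fixed list of machines to log on to), as an added example that is not from any poster in the thread. All names (domain DN, OUs, group, account and PC names) are placeholders; it assumes `dsacls` is available (Windows Server 2003 Support Tools) and treats the logon limit as a "Log On To" workstation list rather than a cap on concurrent sessions.

```batch
@echo off
rem Added example: delegated rights for an apprentice, scoped to specific OUs.
rem Every name below is a placeholder; substitute your own before running.
set DOMAIN_DN=DC=school,DC=example
set GROUP=SCHOOL\Apprentice-Techs
set STUDENT_OU=OU=Students,%DOMAIN_DN%
set COMPUTER_OU=OU=Workstations,%DOMAIN_DN%
set APPRENTICE=apprentice1

rem 1. Password resets on student accounts only (not staff, not admins).
rem    CA = control access right; /I:S applies it to child user objects.
dsacls "%STUDENT_OU%" /I:S /G "%GROUP%:CA;Reset Password;user"
rem    Allow "user must change password at next logon" and account unlock.
dsacls "%STUDENT_OU%" /I:S /G "%GROUP%:RPWP;pwdLastSet;user"
dsacls "%STUDENT_OU%" /I:S /G "%GROUP%:RPWP;lockoutTime;user"

rem 2. Joining machines: create computer objects in one OU.
rem    CC = create child. No DC (delete child) is granted, so the group
rem    cannot delete computer accounts through this delegation.
dsacls "%COMPUTER_OU%" /I:T /G "%GROUP%:CC;computer"

rem 3. Restrict which machines the account can log on to (maximum of 8).
net user %APPRENTICE% /workstations:TECH-PC01,TECH-PC02 /domain

rem 4. Review what was granted; keep the output with your change records.
dsacls "%STUDENT_OU%" | findstr /i "Apprentice-Techs"
dsacls "%COMPUTER_OU%" | findstr /i "Apprentice-Techs"
```

Granting rights to a group rather than the user account means they can be widened later, or withdrawn, by changing group membership alone.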
