[teknoids] Windows Server Admin Question: Delegate Roles
Michael.Sparks at law.lsu.edu
Sun Nov 20 12:18:57 EST 2011
If your servers are virtual and you use VMware ESX, you can delegate power and shutdown operations to anyone through the vCenter console. I expect Hyper-V has a similar ability. If you don't have either, many university central computing groups will let you use (or sell you use of) their VMware cluster.
On Nov 19, 2011, at 2:18 PM, David Whelan wrote:
I'm trying to figure out how to enable some non-IT staff to do some routine tasks related to an application they run. When they call for external support, invariably they are told to restart the Windows services affecting their application and reboot the server. Right now, they call IT, open a ticket, and wait for a system admin to respond. The response time is the issue, sometimes amounting to half a day and that makes coordination with the external support difficult. The two staff already have power user accounts on the server, but IT is reluctant to give them full admin rights (for obvious reasons).
We've found a command line utility that will add rights to their power user accounts to enable the restarting of services. Nothing short of admin rights to reboot the server.
It seems to me that this shouldn't be so difficult, and that perhaps someone has already figured out how to do this? I know that there used to be tools that would enable granular delegation of rights on Windows (NT/2000) but that with 2003 and 2008, those seem to have gone away. One post I saw indicated we might be able to copy the rights from another type of account (like Backup) to provide a broader set of rights to a power user, and still stay short of full admin rights. I don't have any experience with local policies, but that would have seemed another way to do this.
Anyway, I'm fishing for answers. Anyone have any thoughts or done this?