That's a very 'it depends' type question, but here's a rough framework:
1. Sit down with the IS guys and discuss at length their requirements
2. Create additional (secondary) user IDs for the IS people, based upon
their requirements
3. Ensure that these secondary logons' usage is monitored
I would suggest you grant the guys the minimum privileges required, but
this can only be achieved by spending time at stage 1, above.
I'm sure others will chip in with their experiences too, but hopefully
the above helps you make a start.
neil
_
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Frank Abagnale
Sent: 16 January 2007 13:48
To: Active
Subject: [ActiveDir] Delegating Permissions
Hi,
I have a question regarding access permissions within Active Directory
and Local Servers.
Basically, Information Security would like to have the ability to have
access to all of Active Directory, Logon to Servers and access File
Shares/Exchange Mailboxes.
Is this achievable without making them domain admins? What do you do for
Information Security in your orgs?
thanks Frank
_
Get your own web address.
http://us.rd.yahoo.com/evt=49678/*http://smallbusiness.yahoo.com/domain
s/?p=BESTDEAL
Have a HUGE year through Yahoo! Small Business.
http://us.rd.yahoo.com/evt=49678/*http://smallbusiness.yahoo.com/domain
s/?p=BESTDEAL
PLEASE READ: The information contained in this email is confidential and
intended for the named recipient(s) only. If you are not an intended
recipient of this email please notify the sender immediately and delete your
copy from your system. You must not copy, distribute or take any further
action in reliance on it. Email is not a secure method of communication and
Nomura International plc ('NIplc') will not, to the extent permitted by law,
accept responsibility or liability for (a) the accuracy or completeness of,
or (b) the presence of any virus, worm or similar malicious or disabling
code in, this message or any attachment(s) to it. If verification of this
email is sought then please request a hard copy. Unless otherwise stated
this email: (1) is not, and should not be treated or relied upon as,
investment research; (2) contains views or opinions that are solely those of
the author and do not necessarily represent those of NIplc; (3) is intended
for informational purposes only and is not a recommendation, solicitation or
offer to buy or sell securities or related financial instruments. NIplc
does not provide investment services to private customers. Authorised and
regulated by the Financial Services Authority. Registered in England
no. 1550505 VAT No. 447 2492 35. Registered Office: 1 St Martin's-le-Grand,
London, EC1A 4NP. A member of the Nomura group of companies.
