Free! Registration is required.
In many organizations that run standard Active Directory environments, IT Pros are given unnecessary administrative permissions, even to the point where technicians on the service desk are members of the Domain Admins and Enterprise Admins security groups. Part of the reason for this is the inherent complexity in delegating and managing administrative privileges. Another part of the problem is that there is a tradition on Windows networks of having all powerful accounts rather than separate specific-purpose administrative accounts. In this paper, you’ll learn about:
• Role-Based Access Control and the challenges of implementing RBAC in a standard Active Directory environment.
• The problems that occur when administrators are issued separate accounts for regular and administrative tasks.
• The problems of ensuring that administrator accounts are deprovisioned when necessary.
• The complexities involved in monitoring precisely which tasks are performed when an IT Pro is logged onto a computer with administrative permissions.
• The problems of managing and maintaining service accounts and sensitive group membership.
• The problem of determining which users have been assigned rights in an organization when records haven’t been kept of changes made to Active Directory permissions.