Admin Users

[dave-lew99]

Whats your policy? Do you have a strict one user = one member of staff and those who do admin have elevated privaledges?

Or is it a case of having admin accounts that people log in to, in that case is it one per staff member who would need it or one with a shared password?

I suppose my position is a bit odd in that i'm a software engineer and require no elevated permissions on a day to day basis, however i am the one who does all the admin, for which i log in as an admin/root/etc user to do the work.

 

[brainchylde]

In my experience you just need to adapt it to the environment you work in. When the environment grows, the idea of having shared logins is scary as you can't effectively manage it. In a small working environment, it's not too bad. Change management is also important in these instances and if you don't have the communication routes to let everyone know exactly what you've done then you're entering dangerous territory.

 

[atomiser]

I've recently started at a new place. The environment is almost exclusively Wyse terminal and Citrix based. I have a domain user account that I use for all my email / ticketing / browsing needs, and then I have a separate admin desktop that I launch and login with an elevated account for all my support and project needs. I then use CAG remotely to give me an identical experience when I'm away from the office. It all works perfectly.

 

[Ev0]

We run with 2 accounts, our 'standard' accounts have slightly elevated perms over a normal user and our admin accounts have higher access.

 

[iaind]

We run with 2 accounts, our 'standard' accounts have slightly elevated perms over a normal user and our admin accounts have higher access.

This is best practice, although IME a lot of companies don't bother, nice to see some do

 

[Ev0]

Yup 'tis the 'best practice' way

Log on with my normal account, then jjust 'run as' any apps that need the higher access.

Then when logging on to servers to do stuff I just use the admin account.