Set privileges for new administrator

Discussion in 'Windows Small Business Server' started by Matt S, Jun 30, 2011.

  1. Matt S

    Matt S Guest


    I couldn't find an answer on the net, however apologies if this has
    already been posted somewhere.

    The situation is this, we are running SBS 2003 Premium (using SQL
    server). For several years I have been the sole domain admin, however
    now I can't allocate enough of my time to carry out all domain admin

    Therefore I would like to allow one of our users, who is IT literate
    to help me manage the tasks of adding new users, setting up computers
    for users, recovering lost passwords, unblocking locked accounts etc.

    However if I create a new domain admin account for him to use for this
    purpose, how do I restrict the following:

    1. Gaining Access to folders of company directors - I could put a deny
    right against the folders, but couldn't he just take ownership of the
    2. Deleting users from the system?
    3. Accessing an sql server table containing employee salaries? - again
    I can put a deny right but couldn't he override this?

    The above may sound paranoid, as I do trust the employee, however I do
    need to ensure I undertake due diligence with company IT security.

    Any help would be appreciated.
    Matt S, Jun 30, 2011
    1. Advertisements

  2. Matt S

    Steve Foster Guest

    1. You must have complete faith in anyone who is granted Domain Admin

    2. If you want to offer a subset of this, create a group accordingly,
    and grant the relevant privileges to the group. ISTR that SBS2003 had a
    group for this purpose, but I don't have one handy to look at right now.
    Steve Foster, Jul 4, 2011
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.