Mobile User - Temporary Admin Rights

  • Thread starter Thread starter Paul Worsnop
  • Start date Start date
P

Paul Worsnop

We have a user who regularly travels and sometimes requires the ability to
install software when away from the office.

He, as is everyone else except the I.T dept, is a normal domain user with no
administrator rights.

Is there anyway he can have administrator rights while he is away and not
directly logged onto the domain? We only want these administrator rights
allowed while he is away and not when he returns and actually connects to and
logs onto our domain.

Bear in mind he will still be logging onto the domain (Without actually
connecting to it) when away as he has offline files enabled. EG Log on to:
"DOMAIN NAME" and not "LOCAL COMPUTER".

Thank you.
 
Paul said:
We have a user who regularly travels and sometimes requires the
ability to install software when away from the office.

He, as is everyone else except the I.T dept, is a normal domain
user with no administrator rights.

Is there anyway he can have administrator rights while he is away
and not directly logged onto the domain? We only want these
administrator rights allowed while he is away and not when he
returns and actually connects to and logs onto our domain.

Bear in mind he will still be logging onto the domain (Without
actually connecting to it) when away as he has offline files
enabled. EG Log on to: "DOMAIN NAME" and not "LOCAL COMPUTER".
Click to expand...

You could create an account (local) for him to use just to install stuff -
but I think the better solution is for him to contact you when he needs to
install something, you remotely install it. That way - you don't have a
user with administrative rights randomly installing stuff on a computer they
do not own and do not do the troubleshooting for.

Above and beyond the risks of giving a regular user of a company owned
computer admin rights is the learning curve of having the user either do a
'run as' or risk of him not being able to log back into the domain account
after logging in locally if he logs off.

You remotely installing is a much better/workable solution.
 
I am looking for a similar solution.

The problem with the solution mentioned below is it does not scale.

Ideal solution would be
Step 1: User runs into issue that requires local admin access
Step 2: User contacts support with valid reason for admin access
Step 3: Support provides a temporary "key" to allow for admin level access
for x amount of time
Step 4: User enters key, gets access
Step 5: Access goes away after X amoutn of time

Any ideas????

- Chris
 
Buzby said:
I am looking for a similar solution.

The problem with the solution mentioned below is it does not scale.

Ideal solution would be
Step 1: User runs into issue that requires local admin access
Step 2: User contacts support with valid reason for admin access
Step 3: Support provides a temporary "key" to allow for admin level
access for x amount of time
Step 4: User enters key, gets access
Step 5: Access goes away after X amoutn of time

Any ideas????
Click to expand...

MakeMeAdmin modification?

Truthfully though - I wouldn't make a user administrator without true admin
supervision - so remote interaction has been my solution - with me or
co-workers doing the request.
 
Back
Top