C
Curtis
My question is, we have six remote locations, with a
server at each location, and several servers at our main
location. Long ago my boss setup each server with a user
name with domain admin rights on each. We use no special
policy for the servers. Recently we upgraded to Win2000
servers, and I change it to only log into the servers
with only one user name with domain admin rights, so all
of our servers in all of the locations use one user name.
MY boss wants to change it so we have different names at
each locations, but he only see the difference in the log
in name, and not the rights given, I'm I correct, that it
does not matter if the servers log in name is CHEVY with
domain admin rights or FORD with domain admin rights,
it's the rights assign as DOMAIN ADMIN that count. Again
we have NO special login or anything special with the
servers. My boss is afraid that the one user name gives
them the keys to the entire castle, but it's the same
with 10 user names with Domain Admin rights, IS this
correct.
Also what is the best way to setup a server in a remote
location that the secretary is the only one to have the
need to login and restart the server? My thought is not
to have the person log into the server but, have it set
at the "Ctrl+Alt+Del" screen, and if the server needs to
be restarted, one should be able to press the key combo
and choose to restart or shut down, with out having to
log in, or unlock the screen to restart. Physical
security is really not a concern. We also can connect
through Terminal services to administer the server, but
at time something might happen to need someone at the
screen??????????
server at each location, and several servers at our main
location. Long ago my boss setup each server with a user
name with domain admin rights on each. We use no special
policy for the servers. Recently we upgraded to Win2000
servers, and I change it to only log into the servers
with only one user name with domain admin rights, so all
of our servers in all of the locations use one user name.
MY boss wants to change it so we have different names at
each locations, but he only see the difference in the log
in name, and not the rights given, I'm I correct, that it
does not matter if the servers log in name is CHEVY with
domain admin rights or FORD with domain admin rights,
it's the rights assign as DOMAIN ADMIN that count. Again
we have NO special login or anything special with the
servers. My boss is afraid that the one user name gives
them the keys to the entire castle, but it's the same
with 10 user names with Domain Admin rights, IS this
correct.
Also what is the best way to setup a server in a remote
location that the secretary is the only one to have the
need to login and restart the server? My thought is not
to have the person log into the server but, have it set
at the "Ctrl+Alt+Del" screen, and if the server needs to
be restarted, one should be able to press the key combo
and choose to restart or shut down, with out having to
log in, or unlock the screen to restart. Physical
security is really not a concern. We also can connect
through Terminal services to administer the server, but
at time something might happen to need someone at the
screen??????????