The title may be slightly misleading but I'm interested in best practices for delegating administrative access for two different scenarios:
- giving developers local administrative access to certain development servers
Initially I would just add the dev's AD account to the local Administrators group but this strategy quickly becomes difficult to manage. My second thought was to create a security group, add all developers to it and assign that group under the local Administrators group on the few development servers which they need access to. Please point out any problems with this strategy or if there is a better/easier/more standardized method.
And the second:
- currently I am the only one who holds domain admin privledges. I am planning on locking away an envelope with passwords so that the company is not dead in the water if I get hit by a car (or some such accident occurs). My immediate concern however is my ability to take a vacation and delegate control to my boss for the duration of my absense.