
We have some field service guys that work locally for some of our customers, and we want to transfer the tasks of managing file servers and print servers to them. First we thought about giving them local admin access, but it is not very secure. So my question is: can we delegate file server and print server management (create shares / install printers / assign and change permissions) to other users in Windows 2008 R2 without giving them full admin rights?

HopelessN00b
Badr

1 Answer


Yes, but it is far more complicated than making them a local admin. It's also tricky to split out "printer install" rights from "install rights" in general.

You can use software like SuRun or Privilege Manager (Dell / ScriptLogic) to work like sudo in *nix: you can specify specific programs that can be elevated to admin, or you can edit ACLs for users, etc. You can also use scripts in something like AutoIt to embed admin credentials for running programs without sharing those with the end user (when compiled to an exe).

Changing permissions is just part of the ACL; you give their security group "Full Control" over those folders / files and they can edit permissions, but they can even remove their own permissions to change settings.

jmp242
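The ACL delegation described in the answer above, as an added PowerShell example that is not part of the original post. The folder path, group name and backup file are hypothetical placeholders. It saves the current ACLs first, because a group holding "Full Control" can rewrite the ACL, including removing its own entry, and then lists every entry that carries that ability.

```powershell
# Added example. All three values below are assumed placeholders.
$Path   = 'D:\Shares\Customer'                # share root being delegated
$Group  = 'CONTOSO\FieldService-FileAdmins'   # security group for the field staff
$Backup = 'C:\AclBackup\Customer-acl.txt'     # where the pre-change ACLs are saved

# Save the existing ACLs of the tree so a delegate's mistake can be rolled back
# later with "icacls <parent folder> /restore <file>".
icacls $Path /save $Backup /T | Out-Null

# Grant Full Control on the folder, inherited by all subfolders and files.
$inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$prop    = [System.Security.AccessControl.PropagationFlags]::None
$rule    = New-Object System.Security.AccessControl.FileSystemAccessRule(
               $Group, 'FullControl', $inherit, $prop, 'Allow')

$acl = Get-Acl -Path $Path
$acl.AddAccessRule($rule)
Set-Acl -Path $Path -AclObject $acl

# Audit: every Allow entry that can change the ACL or take ownership.
# These are the principals able to lock others (or themselves) out.
$mask = [int][System.Security.AccessControl.FileSystemRights]'ChangePermissions, TakeOwnership'
(Get-Acl -Path $Path).Access |
    Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        (([int]$_.FileSystemRights) -band $mask)
    } |
    Select-Object IdentityReference, FileSystemRights, IsInherited
```

Run it from an elevated session on the file server; the audit pipeline at the end can be re-run on its own at any time to review who can alter permissions on the folder.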