September 24, 2009 at 4:06 am
Hi All,
Our proj team makes use of windows server 2003 & SQL server 2005. The users/clients access the windows prod server directly to use the databases as the SQL server registration cannot be done due to some network issues. All people use a single domain account & all have admin rights. The problem is the clients are required to do some admin tasks & hence cannot be restricted. But in coming days if something goes wrong on database it will be difficult to identify who exactly did it.
Please suggest some ways/best practices so that the clients can access the windows server & also there is some amount of restriction to deletes & modifications on the OS server.
----------------------------------------------------------------
**"There is only one difference between dream and aim. Dream requires Soundless sleep to see…Where as Aim Requires Sleepless Efforts to Achieve":-) **
September 24, 2009 at 7:06 am
For SQl Server, you can remove the BuildIn/Administrator role (before removing it make sure you add your windows user as a Sysadmin). That means not every administrator can log on to the system. You can add each of these users individually and give them the rights they require just like you give rights to any normal user.
For Windows, You should take a look at the Local Policy. I think you can set up users in such a way that they can do the required job without being the local admin or Domain admin. But dont quote me on that. 😉
-Roy
Viewing 2 posts - 1 through 1 (of 1 total)
You must be logged in to reply to this topic. Login to reply