![[H]ard|Forum](/styles/hardforum/xenforo/logo_dark.png){kind=logo}
exchange keys
Limp Gawd
- Joined
- Feb 18, 2009
- Messages
- 339
I'm looking for "best practices" on how to set up a user account for one Jr Admin, which will most likely be only helpdesk analyst and desktop support. However, in order to further train him into a system admin role, I'd like him to have limited access to resources such as Active Directory, vSphere, Citrix XenApp 5, Symantec Messaging Gateway and Symantec Backup Exec.
For AD, I was thinking of setting a security group called Jr Admins, adding his user account in it, and then delegating his security group to the OU where the users and computers are so that he can unlock accounts and do password resets. I'd like him to be able to create new user accounts as well, and some some print management (i.e., delete print jobs from print queues).
For VMWare, I wanted to add this Jr Admins security group into the vSphere's user management, and just give Read options to view virtual resources, but not things like "restart/shutdown" guest VMs or hosts. I don't want him to modify vms either (i.e., Edit Settings).
For Citrix, I would want to do the same as VMWare, but with a bit more access. I want this security group to be able to discovery Citrix resources, and be able to log off and reset user sessions. I'd like him to be able to Modify Servers for published apps (e.g., for when he needs to isolate a Citrix server for maintenance).
I'm not sure how to do these things step-by-step, but I have an idea. If you guys have documentation on this already (or links that are helpful), please let me know.
Thank you.
For AD, I was thinking of setting a security group called Jr Admins, adding his user account in it, and then delegating his security group to the OU where the users and computers are so that he can unlock accounts and do password resets. I'd like him to be able to create new user accounts as well, and some some print management (i.e., delete print jobs from print queues).
For VMWare, I wanted to add this Jr Admins security group into the vSphere's user management, and just give Read options to view virtual resources, but not things like "restart/shutdown" guest VMs or hosts. I don't want him to modify vms either (i.e., Edit Settings).
For Citrix, I would want to do the same as VMWare, but with a bit more access. I want this security group to be able to discovery Citrix resources, and be able to log off and reset user sessions. I'd like him to be able to Modify Servers for published apps (e.g., for when he needs to isolate a Citrix server for maintenance).
I'm not sure how to do these things step-by-step, but I have an idea. If you guys have documentation on this already (or links that are helpful), please let me know.
Thank you.