Announcement

Collapse
No announcement yet.

Access Rights

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Access Rights

    Hello All,

    I have been evaluating Hyena for nearly the month that is given with the evaluation version and I REALLY like what I've seen. I will be having a meeting with my superiors within the next week or two to discuss licensing. Our Systems group has expressed some concerns about the Help Desk being able to do more than their domain credentials allow. Granted, Hyena encapsulates everything into one UI instead of having to open User manager, Server manager and a plethora of MMC snap-ins for things like remote event logs and such.

    The Help Desk staff are not Domain Admins, but rather Account Operators. They can add, delete and modify all user and computer accounts on the domain (Win 2000 in mixed 2k/NT mode) but cannot manager servers. My questions to all of you is this: What possible security issues could the systems folks throw at me that I need to be prepared for when I propose licensing? What have you seen in your environments? Any amunition for (and to refute arguments against) obtaining licensing would be appreciated.

    Regards,
    Dan

    Dan Loveman
    Northeastern University

  • #2
    Re: Access Rights

    If these 'operators' already know how to use MMC snapins, they can easily attempt to perform the same operations in MMC / Hyena that they are not supposed to be doing. Since they presumably won't have the access rights to perform those operations, Hyena/MMC will just give them access denied error.

    As you know, security on what you can do under Windows is controlled by Windows access permissions, etc. and Hyena cannot get around these rights. Since all of Hyena's functions can be performed outside of Hyena (using MMC or other Resource Kit tool), giving them access to Hyena does not give them more rights, control, or capability.

    Hyena has also been on the market for over 7 years now, so we've been doing this for awhile...

    Let us know if there are any other questions and thanks for your support.
    Kevin Stanush
    SystemTools Software Inc.

    Comment


    • #3
      Re: Access Rights

      Thanks! Under our old NT Domain, there was a builtin group called Account Operators. The same group has migrated into our AD environment. All in all, members of that group have access to modify all user accounts (except other account operators and Domain Admins).

      I'm not entiely sure what the problem is with the Help Desk using Hyena because as you said, the application does not grant access to anything more than domain credentials allow for. What other issues should I be aware of before I go for approval on this?

      From my point of view, this simply brings all the tools that would be otherwise scattered throughout Windows into one place. Am I incorrect?

      Thanks again for your time and knowledge!

      Regards,
      Dan

      Dan Loveman

      Comment


      • #4
        Re: Access Rights

        >>What other issues should I be aware of >>before I go for approval on this?

        I am not aware of any other issues.

        >>From my point of view, this simply brings >>all the tools that would be otherwise >>scattered throughout Windows into one >>place. Am I incorrect?

        Yes, that is correct.
        Kevin Stanush
        SystemTools Software Inc.

        Comment

        Working...
        X