Sign in with
Sign up | Sign in
Your question

Network Management Rights/Permissions

Last response: in Windows 2000/NT
Share
Anonymous
March 31, 2005 1:37:06 PM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

We're having a conflict in network management at our company. My question is
does anyone have an organizational chart from the Network level to the Help
Desk Tech level WITH a list of network rights/permissions each tech needs to
do his job? At this time our team lead, who has 5+ years of network &
computer support experience can not move users to resolve issues with GPO
restriction, ability to change default printer group, ability to kill stuck
print jobs on the server, ability to unlock executive or IT accounts when Sys
Admin & Network Tech are out of the office. Backround on situation: We're
running a Windows 2003 Server/SAN environment of approximately 35 Dell
servers with a mix of W2K & XP OS. I'm a Computer Tech with 6 years W2K & XP
networked computer experience. I've been at the company headquarters of 600+
nationwide employees for two months now. We are a private company that is
always open to the public, headquartered in a major metropolitan area and are
not a financial institution. Two other Computer Techs and I report to our IT
Support Team Lead. Directly above our team lead is a Network Technician who
reports to the company's System Admin who has six or more years of military &
private sector network experience. Everyone mentioned above have been at the
company from 10 months to two years, have administrator network accounts and
work in the same office room 'together'. There are no walls, partitions or
dividers between any of us. The issue is that we're experiencing a bottleneck
at the System
Admin level in terms of escalating networked computer related issues. The
System Admin has a military background and has been exercising that form of
network management on our company for the past two years that he's been here
all by himself in that capacity. The Network Technician has held his position
for a year, is basically filling a role, and is flat-out all-around
incompetent. He was a Level One tech upto his promotion. So most network
related issues are escalated to the System Admin. For instance, we've had XP
for two years now ONLY on the 7 to 10 office PCs in our IT Dept. All other
employees ran W2K on PCs, and XP on 100
remote laptops. So just last week our System Admin 'allowed' the Computer
Techs to deploy 50 XP PCs. Problem was it was last minute and we realized
through trial & error that he had policies set to not allow users to install
ANY company printers. His resolution was that we login as ourselves, install
the printers, and then login as the user and install the same printers that
they needed. As Level One and Level Two techs, we found this process absurd.
Our team lead barely has any network administrating rights. So once we
escalate anything to our team lead, he's dead in the water in terms of
escalating the issue up to the Network team. This type of secure environment
has affected the CEO & VPs on occasion but the Sys Admin retains his
position. No one is related to the other in the company but the Sys Admin and
Network Tech have become close friends in the two years they've worked
together. Again, my question is does anyone have an organizational chart from
the Network level to the Help Desk Tech level WITH a list and/or description
of network rights/permissions each tech needs to do his job? We have a
meeting today on the matter and I'm trying to gather material.
Anonymous
March 31, 2005 7:51:09 PM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

A144mb,

Sounds like you are walking down a bit of a dangerous path...

The real answer to your question is: Users, whether they are System
administrators, Technicians, or janitors, should be assigned the minimum
rights that allow them to effectively do their job.

I know this isn't what you wanted, but no pre-fabricated org chart would
really fit your needs as it may actually cause trouble because rights and
permissions enumerated there would not match your responsibilities and
potentially open up security vulnerabilities.

It does sound like your organization is lacking on the planning end and that
the leadership is not taking the role that is should in championing
effective project management.

One of the best ways to introduce this into an organization is through the
implementation of formal planning and change control procedures. Take a
look at the Microsoft Operations Framework for more information on this.

You need to fight for the rights required to do your job, but be careful how
you do it.

--
Ryan Hanisco
MCSE, MCDBA
FlagShip Integration Services
Chicago, IL

"a144mb" <a144mb@discussions.microsoft.com> wrote in message
news:79A20E93-906D-4DD2-B752-D964696336DE@microsoft.com...
> We're having a conflict in network management at our company. My question
> is
> does anyone have an organizational chart from the Network level to the
> Help
> Desk Tech level WITH a list of network rights/permissions each tech needs
> to
> do his job? At this time our team lead, who has 5+ years of network &
> computer support experience can not move users to resolve issues with GPO
> restriction, ability to change default printer group, ability to kill
> stuck
> print jobs on the server, ability to unlock executive or IT accounts when
> Sys
> Admin & Network Tech are out of the office. Backround on situation: We're
> running a Windows 2003 Server/SAN environment of approximately 35 Dell
> servers with a mix of W2K & XP OS. I'm a Computer Tech with 6 years W2K &
> XP
> networked computer experience. I've been at the company headquarters of
> 600+
> nationwide employees for two months now. We are a private company that is
> always open to the public, headquartered in a major metropolitan area and
> are
> not a financial institution. Two other Computer Techs and I report to our
> IT
> Support Team Lead. Directly above our team lead is a Network Technician
> who
> reports to the company's System Admin who has six or more years of
> military &
> private sector network experience. Everyone mentioned above have been at
> the
> company from 10 months to two years, have administrator network accounts
> and
> work in the same office room 'together'. There are no walls, partitions or
> dividers between any of us. The issue is that we're experiencing a
> bottleneck
> at the System
> Admin level in terms of escalating networked computer related issues. The
> System Admin has a military background and has been exercising that form
> of
> network management on our company for the past two years that he's been
> here
> all by himself in that capacity. The Network Technician has held his
> position
> for a year, is basically filling a role, and is flat-out all-around
> incompetent. He was a Level One tech upto his promotion. So most network
> related issues are escalated to the System Admin. For instance, we've had
> XP
> for two years now ONLY on the 7 to 10 office PCs in our IT Dept. All other
> employees ran W2K on PCs, and XP on 100
> remote laptops. So just last week our System Admin 'allowed' the Computer
> Techs to deploy 50 XP PCs. Problem was it was last minute and we realized
> through trial & error that he had policies set to not allow users to
> install
> ANY company printers. His resolution was that we login as ourselves,
> install
> the printers, and then login as the user and install the same printers
> that
> they needed. As Level One and Level Two techs, we found this process
> absurd.
> Our team lead barely has any network administrating rights. So once we
> escalate anything to our team lead, he's dead in the water in terms of
> escalating the issue up to the Network team. This type of secure
> environment
> has affected the CEO & VPs on occasion but the Sys Admin retains his
> position. No one is related to the other in the company but the Sys Admin
> and
> Network Tech have become close friends in the two years they've worked
> together. Again, my question is does anyone have an organizational chart
> from
> the Network level to the Help Desk Tech level WITH a list and/or
> description
> of network rights/permissions each tech needs to do his job? We have a
> meeting today on the matter and I'm trying to gather material.
!