How does a server privilege management system work?

Discussion in 'Security and Privacy' started by felicityblue, 2017/02/02.

  1. 2017/02/02
    felicityblue

    felicityblue Well-Known Member Thread Starter

    Joined:
    2014/09/09
    Messages:
    87
    Likes Received:
    0
    I have seen instances where administrators abuse their privileges and read other mailbox accounts; there are times that their accounts have been compromised externally and are being illegitimately accessed. How can we best safeguard against this, and provide management assurance that validates our control? Can a server privilege management tool solve this problem?
     
  2. 2017/02/02
    Bill

    Bill SuperGeek WindowsBBS Team Member

    Joined:
    2002/01/11
    Messages:
    3,368
    Likes Received:
    411
    We need more information.

    Who do these administrators work for? If you are their boss, fire them, or at least put them on notice. If you are just an employee and their boss is allowing it, there is nothing you can do. If their boss does not know it is happening, report it. But do understand the big boss has the right to read his/her employee's emails.
     
    Bill,
    #2

  4. 2017/02/02
    TonyT

    TonyT SuperGeek Staff

    Joined:
    2002/01/18
    Messages:
    9,072
    Likes Received:
    400
    Probably moot because server privilege management is usually done by an administrator; if the admin abuses his power what's the point? Depending on the server operating system there are mgmt tools that can be used to fine tune even an admin's capabilities. For example, on Linux, one can control what Groups a user is a member of, one can remove an admin from the Mail group. Windows server probably has similar functionality.
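
An added example, not part of the original post: one way to check the Linux group control mentioned above is to list who holds the mail group and which of those accounts are also in an admin group. The group names `sudo` and `wheel` and the sample file contents are constructed assumptions; accounts whose primary GID is the group are included because they do not appear in the member list in `/etc/group`.

```python
# Constructed sample data in /etc/group and /etc/passwd format (not from a real host).
SAMPLE_GROUP = """\
root:x:0:
sudo:x:27:alice,bob
mail:x:8:bob,carol
staff:x:50:dave
"""
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
carol:x:1002:1002:Carol:/home/carol:/bin/bash
erin:x:1003:8:Erin:/home/erin:/bin/bash
"""

def parse_groups(text):
    """Return {group_name: (gid, set_of_supplementary_members)}."""
    groups = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, _pw, gid, members = line.split(":", 3)
        groups[name] = (int(gid), {m for m in members.split(",") if m})
    return groups

def group_members(name, groups, passwd_text):
    """Supplementary members plus accounts whose primary GID is the group."""
    gid, members = groups[name]
    members = set(members)
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 4 and fields[3].isdigit() and int(fields[3]) == gid:
            members.add(fields[0])
    return members

def audit(group_text, passwd_text, target="mail", admin_groups=("sudo", "wheel")):
    """Report members of the target group and those who are also admins."""
    groups = parse_groups(group_text)
    target_members = group_members(target, groups, passwd_text)
    admins = set()
    for g in admin_groups:  # assumed admin group names; adjust per distribution
        if g in groups:
            admins |= group_members(g, groups, passwd_text)
    return {"members": sorted(target_members),
            "admin_overlap": sorted(target_members & admins)}

if __name__ == "__main__":
    print(audit(SAMPLE_GROUP, SAMPLE_PASSWD))
```

On a real host, pass the contents of `/etc/group` and `/etc/passwd` instead of the samples, and keep the output with the change record as evidence for management.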
     
  5. 2017/02/03
    Bill

    Bill SuperGeek WindowsBBS Team Member

    Joined:
    2002/01/11
    Messages:
    3,368
    Likes Received:
    411
    I agree 100% with Tony. Nevertheless, management needs to know what is going on - ESPECIALLY if one of the admins is abusing his position.
     
    Bill,
    #4
  6. 2017/02/03
    Steve R Jones

    Steve R Jones SuperGeek Staff

    Joined:
    2001/12/30
    Messages:
    12,314
    Likes Received:
    252
    Are they abusing their privileges or doing their job as ordered by the company brass hats? :cool:
     
  7. 2017/02/03
    Bill

    Bill SuperGeek WindowsBBS Team Member

    Joined:
    2002/01/11
    Messages:
    3,368
    Likes Received:
    411
    That's the thing. As I noted in my first reply, the big boss can view anything on "his" network and company-owned computers. And that's how it should be. And the big boss can designate/delegate that responsibility and authority to anyone else. But just because a designated administrator can, that does not mean he/she should. IMO, there should be probable cause and/or direction from the big boss.
     
    Bill,
    #6
  8. 2017/02/14
    felicityblue

    felicityblue Well-Known Member Thread Starter

    Joined:
    2014/09/09
    Messages:
    87
    Likes Received:
    0
    It happened in a company where my friend works.
    The management in the company where I work have suggestions open on how operations can be improved. We can even send the suggestions anonymously, so I was thinking about sending in something about it. I even did a bit of research and this solution by Beyond Trust looks helpful. Though, I get what you guys are saying about the administrator handling server privilege management anyway.
     
  9. 2017/02/14
    TonyT

    TonyT SuperGeek Staff

    Joined:
    2002/01/18
    Messages:
    9,072
    Likes Received:
    400
    Privilege should be set up in a hierarchy.

    Super Admin - can do anything at all - answers directly to company owner, board president, etc.
    Admins - administer specific functions with some restrictions - answers to super admin
    Users - limited to their duties - answers to admin over the division or department

    Depending on size of the company, 1-2 super admins, one or several admins, users.
    A company owner OWNS all the email messages. If he/she needs the messages monitored it should be done by the super admins only and news of it should not be promoted to admins or users. The only admin that should be aware of it is the admin(s) in charge of email services. And company policy should be established that governs server administration.

    That problems exist in this scene indicates that policy is lacking, privileges are mis-assigned and admins have personal low ethics levels. I would first handle each admin and set 'em straight, get them to become more moral, reevaluate them, assign privileges to each and then clarify company policy.

    No software will solve this type of problem. The server management software already exists on the server. Either the admins don't know how to use it or they are too criminal-minded to seek it out and learn how to use it.
     
  10. 2017/02/14
    Bill

    Bill SuperGeek WindowsBBS Team Member

    Joined:
    2002/01/11
    Messages:
    3,368
    Likes Received:
    411
    Which makes me suggest you stay out of it, unless your company has been contracted by your friend's company, and you are looking into it at the direction and full knowledge of your managers.
     
    Bill,
    #9
