Answer the question
In order to leave comments, you need to log in
How to manage administrator rights on servers in a heterogeneous environment?
Here I asked a question.
How is it more correct or more convenient or better to manage administrator rights to servers?
For example, I now under each server where I need to give rights to a special set of users - I create a group that is part of the local administrators group for this server.
Let's say there are 5 servers. SER001TL, SER002TL, etc. up to 5. 5 groups have been created in AD - SER001TL.admins , SER002TL.admins, etc. There is also SER.Global.Admins.
Global admins - gives administrator rights on all servers of the SER type. Moreover, the server receives this group automatically when I move it to the desired container in AD.
But I add SERxxx manually.
Are there more convenient ways? What do you think?
Answer the question
In order to leave comments, you need to log in
Read already about delegation of authority
global site - only domain administrators - Vasya and
Zhenya office1 site - delegation of rights to Katya and Petya
and Tamara from HR can only add accounts and reset passwords.
all.
For me, you are doing it right, only I would name the groups not by the name of the server, but by roles or in some general way, for example: "MSSQL Administrators", "Terminal Server Administrators", you know better, then through the GPU (Computer Configuration-> Settings ->Control Panel Settings->Local Users and Groups), if your servers are scattered across different "OUs", I would add the necessary groups to the local "Administrators" group, if not scattered across "OUs", then handles on each server.
In this case, it will not be necessary to drop users separately into a specific server group, but it will be enough to drop them into a group with the desired role, thereby granting admin rights immediately to a group of servers.
As for global admins, create such a group and include it in groups by roles, then it will not be necessary to include it separately in the local admins group, or include such a group through the GP.
Why did you call the environment heterogeneous? If you have it all from MS Windows Server, then it is quite homogeneous and using AD for rights management is a completely kosher solution.
Only the "Do it right!" button is more convenient. =) What do you want then?
a more complicated option is to tie authorization to AD on Unix servers and a proxy on a squid, but you can also
The best solution is to use flex .
Alas, I’ll make a reservation right away, even in IE11, elements do not stretch to the height of the container with display:flex if it has a minimum height of min-height:100% .
<div class="container">
<div class="header"></div>
<div class="main">
<div class="content">
<div class="block"></div>
<div class="block"></div>
<div class="block"></div>
<div class="block"></div>
<div class="block"></div>
</div>
<div class="sidebar"></div>
</div>
<div class="footer"></div>
</div>
html {
background: #f6f6f6;
}
body {
margin: 0;
}
html,
body,
.container {
height: 100%;
}
.container {
position: relative;
min-width: 600px;
}
.header {
position: absolute;
top: 0;
right: 0;
left: 0;
height: 80px;
background: #9c6;
}
.main {
display: flex;
box-sizing: border-box;
min-height: 100%;
margin: 0 0 -120px;
padding: 80px 0 120px;
}
.content {
flex-grow: 1;
background: #ccf;
}
.sidebar {
flex-basis: 200px;
background: #f99;
}
.footer {
height: 120px;
background: #69c;
}
.content:before,
.content:after {
content: "";
display: table;
}
.block {
width: 150px;
height: 100px;
margin: 10px;
background: #f96;
}
<div class="container">
<div class="header"></div>
<div class="main">
<div class="content">
<div class="block"></div>
<div class="block"></div>
<div class="block"></div>
<div class="block"></div>
<div class="block"></div>
</div>
<div class="sidebar"></div>
</div>
<div class="footer"></div>
</div>
html {
background: #f6f6f6;
}
body {
margin: 0;
}
html,
body,
.container {
height: 100%;
}
.container {
position: relative;
min-width: 600px;
}
.header {
position: absolute;
top: 0;
right: 0;
left: 0;
height: 80px;
background: #9c6;
}
.main {
position: relative;
box-sizing: border-box;
min-height: 100%;
margin: 0 0 -120px;
padding: 80px 0 120px;
}
.main:after {
content: "";
display: block;
clear: both;
}
.content {
float: left;
width: 100%;
margin-right: -200px;
}
.sidebar {
float: right;
width: 200px;
}
.content:before,
.sidebar:before {
content: "";
position: absolute;
z-index: -1;
top: 80px;
bottom: 120px;
}
.content:before {
left: 0;
right: 200px;
background: #ccf;
}
.sidebar:before {
right: 0;
width: 200px;
background: #f99;
}
.footer {
clear: both;
position: relative;
height: 120px;
background: #69c;
}
.block {
width: 150px;
height: 100px;
margin: 10px;
background: #f96;
}
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question