SmartCode Solutions Web Forum




Linked AD authentication groups

Author Message
 Posted Tuesday, November 22, 2011
Forum Member

Forum MemberForum MemberForum MemberForum MemberForum MemberForum MemberForum MemberForum MemberForum Member

Group: Forum Members
Last Login: Monday, August 20, 2012
Posts: 43, Visits: 105
In our shop, we have certain workstation analysts who have been assigned a group of computers.  Is there a way now, or could it be implemented.... some way to give a group of analysts rights to control only certain groups of workstations.

For instance, we would like the workstation analysts to have control over all workstations, except, department heads, accounting, HR, etc.  Only certain network analysts can control the accounting and department heads, and only the manager can control the HR computers.
One analyst can have responsibility for one building, but not another.

Right now, the properties of the workstations use the settings from the "Parent Active Directory properties"....  I could use the "this computer properties", but thats alot of objects to change......and if we need to change passwords....oh my!

Maybe have the authentication groups in the "Use settings from":  area of the workstation properties.  It would also be nice to have the option of password protecting the groups, so that the analysts who do not have authorization to make changes, can not do so.

Thanks,

Shane Van Loenen

EE 6.5.4.0 x64 SQL
Post #3997
Add to Twitter Add to Facebook
 Posted Tuesday, November 22, 2011
Supreme Being

Supreme BeingSupreme BeingSupreme BeingSupreme BeingSupreme BeingSupreme BeingSupreme BeingSupreme BeingSupreme Being

Group: Administrators
Last Login: Friday, April 11, 2014
Posts: 1,720, Visits: 3,226
Hi Shane,
I'm considering adding an ability to inherit settings from the parent container (OU or CN=Computers) feature in the nearest future.
Would be any help for you? Perhaps computers of the department heads, HR, etc could be grouped in a single OU and have special settings assigned?

It would also be nice to have the option of password protecting the groups, so that the analysts who do not have authorization to make changes, can not do so.

Just to let you know, you may register an AD with non-admin password. You will be able to browse the AD's hierarchy and computers, but won't be able to change any properties.


http://www.s-code.com/App_Themes/Default/images/blue_line.gif
Kindest Regards,
SmartCode Solutions Support
Post #3999
Add to Twitter Add to Facebook
 Posted Wednesday, November 23, 2011
Forum Member

Forum MemberForum MemberForum MemberForum MemberForum MemberForum MemberForum MemberForum MemberForum Member

Group: Forum Members
Last Login: Monday, August 20, 2012
Posts: 43, Visits: 105
No, that would not help as all the analysts have access to the same database, and as such, would have access to all the OUs.  Right now, I have separate databases for the groups of analysts to segregate the users.  It is just time consuming because I need to update all the databases when changes are made.  With linked ad, this makes it a whole lot easier, but I still have a bunch of databases that need to be maintained.

Having an authentication group would solve that, as long as there was a password option to protect the configuration of the group and or protecting the ability to change which group the registered workstation uses.  As having a admin password to the configuration/options area of VNC manager would protect changes.

Maybe our organization is unique in that all the analysts do not have the same security levels.

Thanks for listening
Post #4001
Add to Twitter Add to Facebook
 Posted Wednesday, November 23, 2011
Supreme Being

Supreme BeingSupreme BeingSupreme BeingSupreme BeingSupreme BeingSupreme BeingSupreme BeingSupreme BeingSupreme Being

Group: Administrators
Last Login: Friday, April 11, 2014
Posts: 1,720, Visits: 3,226
Request to add support for group/folder based security, although not often, it still keep appearing on the regular basis. I think now, when SmartCode VNC Manager can work with SQL Server, time has come to implement this feature.

So the good news is that in the nearest time, most likely next week, we will start working on this feature. The not so good news is that feature gonna be supported with SQL-based configuration profiles only.


http://www.s-code.com/App_Themes/Default/images/blue_line.gif
Kindest Regards,
SmartCode Solutions Support
Post #4002
Add to Twitter Add to Facebook


Similar Topics

Expand / Collapse

Reading This Topic

Expand / Collapse