Can I isolate an adminstrator to a label group instead of organization wide privileges?
At our higher education institution we have multiple computer labs. Each of these labs has someone who serves as adminstrator for that lab. Is there a way to limit administrative privileges to those individuals to their particular set of computers and not allow them organization wide administrative privileges? Thanks in advance for any advice you could give.
-
Thanks grayematter! I appreciate your time. - twhisenhunt 11 years ago
Answers (1)
I hope I am understanding the question properly. Please clarify if not.
If you use Active Directory, you should be able to group the computers and assign policies with AD for who has computer admin privileges. If the admin groups are static, you can add the appropriate lab managers to the local admin group on each computer.
If you are concerned about turnover or managing fluid delegation, you could create domain security groups for each space and assign the lab managers to the appropriate security groups. You can then make the domain security group a member of the local admin group. That way you only have to update the group memberships in AD and not on each machine.
Comments:
-
Thanks grayematter! We do use active directory. As someone new to KACE and IT I may not have presented the question correctly. I would like to allow each lab administrator privileges in KACE to manage their lab. In KACE I have not been able to provide anything other than organization wide privileges to technicians. I would like the lab administrators to only see and manage their labs computers when they are logged into KACE. I hope this helps. Again I appreciate any help or advice. - twhisenhunt 11 years ago
-
I had a feeling that is what you were asking.
Unfortunately, KACE doesn't allow that level of granularity. The user has either write, read, or no access to each of the module areas (as defined by their role, under Service Desk -> Roles).
The only option for doing something like this with KACE is to license and set up Organizations. This would completely segregate all of the data and functions for each group. Unless you have distinct processes, management, and reporting for each campus (or college, or division, etc.), Organizations is overkill.
This functionality has been posted in the K1000 Security topics on the uservoice forum, http://kace.uservoice.com. - grayematter 11 years ago