|
My company is going through a merger, and recently the parent company came over to look at our IT systems and processes. They apparently didn't like the way we allow remote admins (including me) to log on to servers using our own accounts, and asked the network security group to change permissions. So they did ... but didn't really tell anyone. The only thing was a posting on our internal message board that we should remember to ask for "superadmin" account access if we need it, with a note at the end to check that our backups were using the correct accounts.
Turns out, that was their way of announcing a major change in policy. I now have to use Remote Desktop to get into these machines, and we're finding things every day that was can no longer do, that we used to be able to. So, today, a coworker finds he can't get into DHCP remotely, and the remote server is telling him that the event log is full and only an administrator can get into it to clean it out.
So, he tell the networking group that he can't get into DHCP, and the reply is, "Good find."
Good find? You mean, you didn't know that was going to be a result of the policy you just applied?! I understand - it's AD, lots of tricky stuff going on there. I understand we don't have money for a proper testing environment. But, sheesh, at least get someone who really knows AD and can have a good guess as to what the result of the policy change is going to be. We're gonna spend two months running into things and having them tweak the policy as a result.
_________________
This cold and dark tormented hell
Is all I`ll ever know
So when you get to heaven
May the devil be the judge
|
Login
Register
FAQ
Search
