According to this report, cybercrime costs are predicted to increase by 15 percent every year and inflict damages worth $6 trillion globally. The most important takeaway from this statistic is that companies need to make their cyber security perimeter protection stronger and make smarter security policies now, more than ever. This includes focusing on preventing insider threats by implementing security principles like principle of least privilege and role based access control as a standard practice throughout the organization. They should be implemented especially for the core practices like delegation of critical Active Directory management operations to help desks.
ADManager Plus offers a non-invasive, granular delegation with options to delegate roles based on domain, sites, or OUs with custom role creation. The rights of the technician in Active Directory are not elevated by this delegation, and the roles and access permissions delegated through the product can be performed only through ADManager Plus. You can create a custom role and delegate it to a help desk technician securely with the steps below.
Steps to create a custom help desk role
Logon to ADManager Plus.
Navigate to Delegation > Help Desk Roles > Create New Role.
Enter a suitable name and description for the role.
From the list of tasks listed under management, reporting and administration, select the tasks that you wish to include in this role.
If you wish to prevent a user with this role from using the bulk modification feature or the CSV import option, select the Deny Bulk Modification or Deny CSV Import options respectively.
While creating users, if you wish to restrict the access to only specific attributes, use the User Attribute Privileges link located in the 'Create Users' section and select the desired attributes.
For a more granular selection of the attributes that can be modified/tasks to be included in the role, click the '+' icon located beside each task/action.
Click on the Save Role button to create the new custom role.
Steps to assign the custom role to a help desk technician
Navigate to Delegation tab > Help desk technicians.
From the list of help desk technicians, click on the edit icon present near the technician's name you wish to assign the role to. You can also create a new help desk technician by selecting the + Create New Technician button.
You can now assign multiple roles and templates in the Delegate roles for the domains section.
Enable Impersonate as Admin option to allocate admin permissions to the users.
Click Save Changes.
Tune in next week for another interesting hack to help you make your identity and access management more efficient.
Cheers,