Alternative admin logins

This issue has been solved. See solution.
umms_admin's picture
umms_admin
May 26th, 2009

Two questions:

 

  • Are logins to the SEPM console logged anywhere? So if I want to see what action was taken under a particular login can I look to a log file?
     
  • Can you restrict, at the group level, what an administrator can do? IE. the admin can scan and update clients, but cannot delete or create new groups?

     

I need our Desktop group to have a login and they need to be able to perform some functions, but I dont want them to be able to create groups, or worse yet delete groups.

Thanks

Filed under: , , , ,
0 votes
sandip_sali's picture
sandip_sali
25 weeks 6 days ago

Alternative admin logins

Solution

Hi,

      This is the file where you would find information about the SEPM login.

imagebrowser image

There are three types of administrators:

■ System administrator
■ Administrator
■ Limited administrator

System administrators have full capabilities throughout the network they
administer. They are the equivalent of superusers. In a system with multiple
domains, a system administrator can administer any domain. System
administrators see only those administrators administering the domain they are
administrating.

Administrators have limited capabalities, specified by the administrators that
create them. An administrator can administer only the domain in which he was
created.

System administrator tasks
You can centrally manage administrators from the Admin page. When the
Administrators button is selected, the View pane shows all administrators who
are managing the domain into which the administrator is logged. This includes
all system administrator, administrators, and limited administrators.

System administrator tasks include:

■ Renaming an administrator
■ Changing an administrator's password
■ Editing an administrator's properties
■ Removing an administrator
■ Adding an administrator
Setting up administrative accounts
About the types of administrators

Administrator tasks

You can centrally manage administrators from the Admin page. When the
Administrators button is selected, the View pane shows all administrators in your
domain.
Administrator tasks include:
■ Renaming an administrator
■ Changing an administrator's password
■ Editing an administrator's properties
■ Removing an administrator
■ Adding an administrator

Thanks & Regards

Sandip C Sali

0 votes
SOLUTION
Cycletech's picture
Cycletech
25 weeks 6 days ago

Here is a screenshot of the

Here is a screenshot of the limited admin group rights.

imagebrowser image

0 votes
umms_admin's picture
umms_admin
25 weeks 6 days ago

The problem with the limited

The problem with the limited administrator is that you cant manage the control at the GROUP level.  For example. If I create a limited administrator, I can only grant them Full Control, No access or Read Only. However, thats not granular enough. I want to be able to limited the actions that they can take even further. I do not want them to have the ability to synch with AD for example, or delete a group.
That is the kind of granularity I am looking for. I need to give the desktop and/or the helpdesk  teams some control over what they can do, but I also have to have some control over the damage that they can do.

0 votes
umms_admin's picture
umms_admin
25 weeks 6 days ago

How about the log file when

How about the log file when someone connects through the web console?

0 votes