With an AD rights management model, you reduce the administrative effort and also increase the security level. With role-based rights management models, you obtain traceable and transparent authorization and authentication processes.
Mirroring the company into IT
Functional roles in the company are mapped to Windows groups. Role-based delegation of authorizations makes it possible to specify:
defined administrative tasks
limited execution rights
limited areas in the Active Directory directory service and in IT peripherals
the mapping of administrative functions in IT applications.
This delegation is used to control access, which is an important component of IT security. The functional role model continues to be the basis for identity management platforms and ITIL integration.
Transparency improves security and saves work
The decentralized distribution of IT administration via groups and functional roles bundles the general administrative tasks in IT.
Prerequisites for successful rights delegation are:
the mapping of the enterprise organizational chart into AD organizational units (OU)
the definition of administrative roles within the work processes
the mapping of the functional roles in Windows groups
Even more security!
A significant gain in security comes from minimizing the rights assigned across the entire AD infrastructure, in all executive areas, through restricted Windows group memberships (least privilege) and customized group policy applications.
Consulting on AD rights and delegation concepts
Recording of business processes and development of a rights strategy
Creation of a catalog of activities for the AD delegation model
Organization design according to organization chart and site topology
Mapping of administrative roles in a Windows group design
Presentation of a rights matrix according to the “floating rights” principle
Delegation templates for group policy and Exchange user management
Delegated user helpdesk management for 1st to 3rd level with on-board consoles (ITIL compliant)
Delegated function server management in the periphery
Script-based rights assignment and access list cleanup
Service account management in the context of the rights concept