In my company the user only have user rights on their computers. As you should know you’ll face many problems with this restriction.
Many users want to install third party software on their computers or add a printer at home. To reduce argues and make the user happy, I’ll assign administrator rights for a temporary time.
Based on a predefined GPO and based on a list showing which user has administrator rights in a specified time period, my PowerShell script creates new temporary GPO to assign local administrator rights.
As they are in most cases unaware of those files or even don’t understand what the file check-in/check-out is about, it’s almost impossible to handle this files.
KeePass is a highly recommended Passwordsafe. Despite its supposed to be used mainly by private people it’s adaptable for business cases. In my company the KeePass password database is saved on a SharePoint folder and is encrypted with a password and a private key. The key has to be stored on the local machine.
It could be difficult to force employees to store their passwords in the KeePass database as many won’t get along with it. They’ll more likely store their password in third party tools.
However storing a users password in another programm as KeePass f.e. microsoft remote desktop can be a security risk because the password is only encrypted in the user context.
This might not be best practise but based on the situation you as administrator have to enable this feature.
Making distribution lists externally available is great for spammers, so if you enable this feature, do this as less as possible.
To enable a exchange distribution list for external use I recommand to use this simple PowerShell command:
Set-DistributionGroup <groupname> -RequireSenderAuthenticationEnabled $false
A good way to start writing a custom function in PowerShell is an advanced template like this.
This is my custom PowerShell function template, whenever I’m writing a new script I’ll start with one of my templates. Having consistency in structure and naming of code is an important part in collaboration.
As in on of my last post I’ve showed you my approach to manage distribution groups in the hierarchical structure of an ActiveDirectory installation. In the mean time I’ve adapted a similiar approach for the security groups.
