Annoying end user - Netware

This is a discussion on Annoying end user - Netware ; I recently had to deal with an annoying end user that wants and thinks he can administer user rights on a NAS. He recently gave me a diagram where he is promoted to administrator of the server, and having one ...

+ Reply to Thread
Results 1 to 7 of 7

Thread: Annoying end user

  1. Annoying end user

    I recently had to deal with an annoying end user that wants and thinks he
    can administer user rights on a NAS.

    He recently gave me a diagram where he is promoted to administrator of the
    server, and having one user groups.

    I told him it is not good practice to have one user groups and that it is
    better to have rights administered to a single user instead of a group of
    one user. His argument is that people can be added to the group at a later
    time and or if an employee leaves they can be added. I told him since we are
    dealing with about 20 users that I would simply rename the user if the
    employee left our organization.

    I also told him that it is the job of the network administrator to assign
    rights to files and folders, not an end user.

    He stormed out of my office and said he was going to talk to me boss.

    Today I am going to find documentation by Microsoft and Netware supporting
    my position.

    I welcome your thoughts in this matter.



  2. Re: Annoying end user

    I think his solution is better for the following reasons:

    1. You add the group to whatever user rights you want its members to have.
    You do this once only.

    2. When you want to remove /add other users, you don't have to stuff around
    navigating through the individual settings of the group policy to add /
    remove a user to a given right. You simply add/remove members from the
    global group using the users and computers console.

    3. You can see at a glance what rights are assigned to whom by browsing the
    groups members.





    "someone someplace" wrote in message
    news:ekJoc.4331$zO3.258@newsread2.news.atl.earthli nk.net...
    > I recently had to deal with an annoying end user that wants and thinks he
    > can administer user rights on a NAS.
    >
    > He recently gave me a diagram where he is promoted to administrator of the
    > server, and having one user groups.
    >
    > I told him it is not good practice to have one user groups and that it is
    > better to have rights administered to a single user instead of a group of
    > one user. His argument is that people can be added to the group at a later
    > time and or if an employee leaves they can be added. I told him since we

    are
    > dealing with about 20 users that I would simply rename the user if the
    > employee left our organization.
    >
    > I also told him that it is the job of the network administrator to assign
    > rights to files and folders, not an end user.
    >
    > He stormed out of my office and said he was going to talk to me boss.
    >
    > Today I am going to find documentation by Microsoft and Netware supporting
    > my position.
    >
    > I welcome your thoughts in this matter.
    >
    >




  3. Re: Annoying end user

    I completely agree with Rocky, but I have one point to add:

    Of course, no end user should be made Administrator. If the purpose
    is to let him change some rights on files and folders, you can add
    the new group he is made a member of to the Access Control List of
    the main folder, and give this group "Change" rights. But be sure to
    *not* give the group Full Control (they should not have the
    permission to take ownership), make sure that the Administrators
    group (the one that you are in) owns the files and has Full Control.

    --
    Vera Noest
    MCSE,CCEA, Microsoft MVP - Terminal Server
    http://hem.fyristorg.com/vera/IT
    *----------- Please reply in newsgroup -------------*

    "Rocky" wrote in
    news:#aiwXcOOEHA.1348@TK2MSFTNGP12.phx.gbl:

    > I think his solution is better for the following reasons:
    >
    > 1. You add the group to whatever user rights you want its
    > members to have. You do this once only.
    >
    > 2. When you want to remove /add other users, you don't have to
    > stuff around navigating through the individual settings of the
    > group policy to add / remove a user to a given right. You
    > simply add/remove members from the global group using the users
    > and computers console.
    >
    > 3. You can see at a glance what rights are assigned to whom by
    > browsing the groups members.
    >
    >
    >
    >
    >
    > "someone someplace" wrote in message
    > news:ekJoc.4331$zO3.258@newsread2.news.atl.earthli nk.net...
    >> I recently had to deal with an annoying end user that wants and
    >> thinks he can administer user rights on a NAS.
    >>
    >> He recently gave me a diagram where he is promoted to
    >> administrator of the server, and having one user groups.
    >>
    >> I told him it is not good practice to have one user groups and
    >> that it is better to have rights administered to a single user
    >> instead of a group of one user. His argument is that people can
    >> be added to the group at a later time and or if an employee
    >> leaves they can be added. I told him since we

    > are
    >> dealing with about 20 users that I would simply rename the user
    >> if the employee left our organization.
    >>
    >> I also told him that it is the job of the network administrator
    >> to assign rights to files and folders, not an end user.
    >>
    >> He stormed out of my office and said he was going to talk to me
    >> boss.
    >>
    >> Today I am going to find documentation by Microsoft and Netware
    >> supporting my position.
    >>
    >> I welcome your thoughts in this matter.


  4. Re: Annoying end user

    There is a huge benefit of using User Groups instead of single users. Sounds
    like you only have 20 users in your organisation, but how do you think big
    companies with >1000 users do? They can have groups of about 50-100 (or
    more) people, needing the same rights. The administrator (you) will spend
    all they long configuring user rights only...

    Rename a user when that user leaves the company? You realize that this
    doesn't create a new user, and that the new user will have access to
    everything that the old user had access to? In the end, this will not be
    managable, and you will end up with a big mess, having no idea who has
    access to what.

    --
    Regards,
    Kristofer Gafvert - IIS MVP
    http://www.ilopia.com - When you need help!


    "someone someplace" wrote in message
    news:ekJoc.4331$zO3.258@newsread2.news.atl.earthli nk.net...
    > I recently had to deal with an annoying end user that wants and thinks he
    > can administer user rights on a NAS.
    >
    > He recently gave me a diagram where he is promoted to administrator of the
    > server, and having one user groups.
    >
    > I told him it is not good practice to have one user groups and that it is
    > better to have rights administered to a single user instead of a group of
    > one user. His argument is that people can be added to the group at a later
    > time and or if an employee leaves they can be added. I told him since we

    are
    > dealing with about 20 users that I would simply rename the user if the
    > employee left our organization.
    >
    > I also told him that it is the job of the network administrator to assign
    > rights to files and folders, not an end user.
    >
    > He stormed out of my office and said he was going to talk to me boss.
    >
    > Today I am going to find documentation by Microsoft and Netware supporting
    > my position.
    >
    > I welcome your thoughts in this matter.
    >
    >




  5. Re: Annoying end user

    Very interesting comments. Thank you.

    However, we are not in a domain, not using active directory, but are in a
    Netware environment.

    For this one Windows 2000 server, there is 20 users. One non I.T. person has
    read enough or heard enough to suggest a one person group.

    However it seem very reduntant to have a one user group to me when you are
    dealing with a small group of people, who rarely have role changes or leave
    our organization.

    I spent some time today looking through the Netware, Microsoft 2000 and NT4
    administration books from classes I have taken over the years. Not one
    reference to one person groups, but I do see your point about it making it
    easier, but for a small group it seems to be unnecessary, to me.

    Reading up on the definitions in the course books I took before becoming an
    administrator, it defines groups as delegating rights/permissions to a group
    of people. Out of 7 seven books not one discuss the minimum rule of a group
    any place, it is just referred to as more than one user.

    Again, thanks for the information. I still would like to hear some
    constructive criticism about my position on this.

    George, MCP,CNA, A+


    "Kristofer Gafvert" wrote in message
    news:u6w8KSSOEHA.1340@TK2MSFTNGP12.phx.gbl...
    > There is a huge benefit of using User Groups instead of single users.

    Sounds
    > like you only have 20 users in your organisation, but how do you think big
    > companies with >1000 users do? They can have groups of about 50-100 (or
    > more) people, needing the same rights. The administrator (you) will spend
    > all they long configuring user rights only...
    >
    > Rename a user when that user leaves the company? You realize that this
    > doesn't create a new user, and that the new user will have access to
    > everything that the old user had access to? In the end, this will not be
    > managable, and you will end up with a big mess, having no idea who has
    > access to what.
    >
    > --
    > Regards,
    > Kristofer Gafvert - IIS MVP
    > http://www.ilopia.com - When you need help!
    >
    >
    > "someone someplace" wrote in message
    > news:ekJoc.4331$zO3.258@newsread2.news.atl.earthli nk.net...
    > > I recently had to deal with an annoying end user that wants and thinks

    he
    > > can administer user rights on a NAS.
    > >
    > > He recently gave me a diagram where he is promoted to administrator of

    the
    > > server, and having one user groups.
    > >
    > > I told him it is not good practice to have one user groups and that it

    is
    > > better to have rights administered to a single user instead of a group

    of
    > > one user. His argument is that people can be added to the group at a

    later
    > > time and or if an employee leaves they can be added. I told him since we

    > are
    > > dealing with about 20 users that I would simply rename the user if the
    > > employee left our organization.
    > >
    > > I also told him that it is the job of the network administrator to

    assign
    > > rights to files and folders, not an end user.
    > >
    > > He stormed out of my office and said he was going to talk to me boss.
    > >
    > > Today I am going to find documentation by Microsoft and Netware

    supporting
    > > my position.
    > >
    > > I welcome your thoughts in this matter.
    > >
    > >

    >
    >




  6. Re: Annoying end user

    I would say that there is no correct or wrong answer to the question if a
    group is really necessary or not. A group with only one person does not make
    much sense, but a group still has some benefits (in the future).

    Your organisation is so small, and it is not likely that it will grow much,
    so doing this completely without groups works fine if you feel comfortable
    with it.

    Why not create a group when they become two users belonging to the group?
    :-)

    --
    Regards,
    Kristofer Gafvert - IIS MVP
    http://www.ilopia.com - When you need help!


    "someone someplace" wrote in message
    news:%SUoc.8791$KE6.7252@newsread3.news.atl.earthl ink.net...
    > Very interesting comments. Thank you.
    >
    > However, we are not in a domain, not using active directory, but are in a
    > Netware environment.
    >
    > For this one Windows 2000 server, there is 20 users. One non I.T. person

    has
    > read enough or heard enough to suggest a one person group.
    >
    > However it seem very reduntant to have a one user group to me when you are
    > dealing with a small group of people, who rarely have role changes or

    leave
    > our organization.
    >
    > I spent some time today looking through the Netware, Microsoft 2000 and

    NT4
    > administration books from classes I have taken over the years. Not one
    > reference to one person groups, but I do see your point about it making it
    > easier, but for a small group it seems to be unnecessary, to me.
    >
    > Reading up on the definitions in the course books I took before becoming

    an
    > administrator, it defines groups as delegating rights/permissions to a

    group
    > of people. Out of 7 seven books not one discuss the minimum rule of a

    group
    > any place, it is just referred to as more than one user.
    >
    > Again, thanks for the information. I still would like to hear some
    > constructive criticism about my position on this.
    >
    > George, MCP,CNA, A+
    >
    >
    > "Kristofer Gafvert" wrote in message
    > news:u6w8KSSOEHA.1340@TK2MSFTNGP12.phx.gbl...
    > > There is a huge benefit of using User Groups instead of single users.

    > Sounds
    > > like you only have 20 users in your organisation, but how do you think

    big
    > > companies with >1000 users do? They can have groups of about 50-100 (or
    > > more) people, needing the same rights. The administrator (you) will

    spend
    > > all they long configuring user rights only...
    > >
    > > Rename a user when that user leaves the company? You realize that this
    > > doesn't create a new user, and that the new user will have access to
    > > everything that the old user had access to? In the end, this will not be
    > > managable, and you will end up with a big mess, having no idea who has
    > > access to what.
    > >
    > > --
    > > Regards,
    > > Kristofer Gafvert - IIS MVP
    > > http://www.ilopia.com - When you need help!
    > >
    > >
    > > "someone someplace" wrote in message
    > > news:ekJoc.4331$zO3.258@newsread2.news.atl.earthli nk.net...
    > > > I recently had to deal with an annoying end user that wants and thinks

    > he
    > > > can administer user rights on a NAS.
    > > >
    > > > He recently gave me a diagram where he is promoted to administrator of

    > the
    > > > server, and having one user groups.
    > > >
    > > > I told him it is not good practice to have one user groups and that it

    > is
    > > > better to have rights administered to a single user instead of a group

    > of
    > > > one user. His argument is that people can be added to the group at a

    > later
    > > > time and or if an employee leaves they can be added. I told him since

    we
    > > are
    > > > dealing with about 20 users that I would simply rename the user if the
    > > > employee left our organization.
    > > >
    > > > I also told him that it is the job of the network administrator to

    > assign
    > > > rights to files and folders, not an end user.
    > > >
    > > > He stormed out of my office and said he was going to talk to me boss.
    > > >
    > > > Today I am going to find documentation by Microsoft and Netware

    > supporting
    > > > my position.
    > > >
    > > > I welcome your thoughts in this matter.
    > > >
    > > >

    > >
    > >

    >
    >




  7. Re: Annoying end user

    Way back when I took the MCSE (NT4) courses I believe the "rule of thumb"
    was to create a group if the number of users requiring the same rights was
    greater than 2.

    Tom

    "Kristofer Gafvert" wrote in message
    news:ubpXRMYOEHA.1644@TK2MSFTNGP09.phx.gbl...
    > I would say that there is no correct or wrong answer to the question if a
    > group is really necessary or not. A group with only one person does not

    make
    > much sense, but a group still has some benefits (in the future).
    >
    > Your organisation is so small, and it is not likely that it will grow

    much,
    > so doing this completely without groups works fine if you feel comfortable
    > with it.
    >
    > Why not create a group when they become two users belonging to the group?
    > :-)
    >
    > --
    > Regards,
    > Kristofer Gafvert - IIS MVP
    > http://www.ilopia.com - When you need help!
    >
    >
    > "someone someplace" wrote in message
    > news:%SUoc.8791$KE6.7252@newsread3.news.atl.earthl ink.net...
    > > Very interesting comments. Thank you.
    > >
    > > However, we are not in a domain, not using active directory, but are in

    a
    > > Netware environment.
    > >
    > > For this one Windows 2000 server, there is 20 users. One non I.T. person

    > has
    > > read enough or heard enough to suggest a one person group.
    > >
    > > However it seem very reduntant to have a one user group to me when you

    are
    > > dealing with a small group of people, who rarely have role changes or

    > leave
    > > our organization.
    > >
    > > I spent some time today looking through the Netware, Microsoft 2000 and

    > NT4
    > > administration books from classes I have taken over the years. Not one
    > > reference to one person groups, but I do see your point about it making

    it
    > > easier, but for a small group it seems to be unnecessary, to me.
    > >
    > > Reading up on the definitions in the course books I took before becoming

    > an
    > > administrator, it defines groups as delegating rights/permissions to a

    > group
    > > of people. Out of 7 seven books not one discuss the minimum rule of a

    > group
    > > any place, it is just referred to as more than one user.
    > >
    > > Again, thanks for the information. I still would like to hear some
    > > constructive criticism about my position on this.
    > >
    > > George, MCP,CNA, A+
    > >
    > >
    > > "Kristofer Gafvert" wrote in message
    > > news:u6w8KSSOEHA.1340@TK2MSFTNGP12.phx.gbl...
    > > > There is a huge benefit of using User Groups instead of single users.

    > > Sounds
    > > > like you only have 20 users in your organisation, but how do you think

    > big
    > > > companies with >1000 users do? They can have groups of about 50-100

    (or
    > > > more) people, needing the same rights. The administrator (you) will

    > spend
    > > > all they long configuring user rights only...
    > > >
    > > > Rename a user when that user leaves the company? You realize that this
    > > > doesn't create a new user, and that the new user will have access to
    > > > everything that the old user had access to? In the end, this will not

    be
    > > > managable, and you will end up with a big mess, having no idea who has
    > > > access to what.
    > > >
    > > > --
    > > > Regards,
    > > > Kristofer Gafvert - IIS MVP
    > > > http://www.ilopia.com - When you need help!
    > > >
    > > >
    > > > "someone someplace" wrote in message
    > > > news:ekJoc.4331$zO3.258@newsread2.news.atl.earthli nk.net...
    > > > > I recently had to deal with an annoying end user that wants and

    thinks
    > > he
    > > > > can administer user rights on a NAS.
    > > > >
    > > > > He recently gave me a diagram where he is promoted to administrator

    of
    > > the
    > > > > server, and having one user groups.
    > > > >
    > > > > I told him it is not good practice to have one user groups and that

    it
    > > is
    > > > > better to have rights administered to a single user instead of a

    group
    > > of
    > > > > one user. His argument is that people can be added to the group at a

    > > later
    > > > > time and or if an employee leaves they can be added. I told him

    since
    > we
    > > > are
    > > > > dealing with about 20 users that I would simply rename the user if

    the
    > > > > employee left our organization.
    > > > >
    > > > > I also told him that it is the job of the network administrator to

    > > assign
    > > > > rights to files and folders, not an end user.
    > > > >
    > > > > He stormed out of my office and said he was going to talk to me

    boss.
    > > > >
    > > > > Today I am going to find documentation by Microsoft and Netware

    > > supporting
    > > > > my position.
    > > > >
    > > > > I welcome your thoughts in this matter.
    > > > >
    > > > >
    > > >
    > > >

    > >
    > >

    >
    >




+ Reply to Thread