Administrator Account


Note: Many topics at this site are reduced versions of the text in "The Encyclopedia of Networking and Telecommunications." Search results will not be as extensive as a search of the book's CD-ROM.

Normally, an administrator is a person with a high level of control. The administrator account is a user account that exists on several popular network operating systems and has the highest level of control over a system and/or network. On a UNIX system, the root user account is the highest level account, with unrestricted access to the system. Root is often called the superuser account.

In older versions of NetWare, a person who installed a server became the supervisor for that server only, with unlimited rights to manage that server. In versions of NetWare that implement NDS (Novell Directory Services), the management structure for administrators has been expanded. The administrator account manages NDS and all the servers, users, and resources tracked by it. The administrative user can assign other people as subadministrators for part of the directory tree, if necessary, to enable distributed management.

Microsoft's new Active Directory for Windows 2000 implements a hierarchical administration scheme similar to NDS, in which one administrator has control over the entire network and can delegate subadministrators to manage other parts of the directory tree.

In traditional Windows NT environments, a person becomes administrator by installing the first server in a domain. That server becomes the PDC (primary domain controller) for the domain, and other servers become BDCs (backup domain controllers). The administrator can manage all the servers in the domain. Of course, other domains can be created, and they can have their own administrators.

Administrator Activities

With most secure operating systems, the person who installs the operating system is the one who has first shot at becoming the administrator/root user. However, this is not always practical in a situation in which many systems are being set up at once by several people, but only one person should have administrator/root status. In this case, the real administrator should change the administrator/root password as soon as the system is installed to avoid security problems.

All administrative users should have a separate logon account that they use to access the network when performing nonadministrative tasks. Administrator-level access should not be taken lightly. Make sure no one watches you enter a password, and ensure that systems are in a safe location so that intruders can't install software that might act as a Trojan horse and steal your password. For security reasons, you can prevent the administrators of your systems from logging in over the network. This will reduce the chance of attacks from the network by allowing administrator logon only at the physical system.

The system administrator's password is the master key to the system. Try to use a complex password that is easy to recall by deriving it from a memorable phrase. For example, the password Mbiot4thoJ is derived from "My birthday is on the Fourth of July." Another suggestion is to create a two- or three-word password and then give a portion of the password to two or three people in the company. This "fail-safe" approach ensures that others can gain administrative access to the server should something happen to the administrator. To gain access, they must do so together.
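The "fail-safe" split described above can be done so that no holder learns any part of the password. The following is an added example, not from the original entry: it swaps the literal word-per-person split for XOR secret splitting, and the function names `split_secret` and `combine_shares` are hypothetical.

```python
import secrets


def _xor(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR of two equal-length byte strings."""
    return bytes(x ^ y for x, y in zip(a, b))


def split_secret(secret: bytes, holders: int) -> list[bytes]:
    """Split `secret` into one share per holder; every share is required."""
    if holders < 2:
        raise ValueError("need at least two holders")
    if not secret:
        raise ValueError("secret must not be empty")
    # All but one share are random pads of the same length as the secret.
    shares = [secrets.token_bytes(len(secret)) for _ in range(holders - 1)]
    # The final share is the secret XORed with every pad, so any subset
    # that is missing a share is statistically independent of the secret.
    last = secret
    for pad in shares:
        last = _xor(last, pad)
    return shares + [last]


def combine_shares(shares: list[bytes]) -> bytes:
    """Recover the secret; holders must all contribute their share."""
    if len(shares) < 2 or len({len(s) for s in shares}) != 1:
        raise ValueError("need two or more shares of equal length")
    result = bytes(len(shares[0]))
    for share in shares:
        result = _xor(result, share)
    return result


if __name__ == "__main__":
    # Sample password taken from the entry's own example.
    parts = split_secret(b"Mbiot4thoJ", 3)
    for number, part in enumerate(parts, start=1):
        print(f"holder {number}: {part.hex()}")
    print("recovered:", combine_shares(parts).decode())
```

Each share has the same length as the password, so the length itself is not hidden from the holders.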

In NetWare, a separate auditor account exists that can monitor the activities of the administrator. This is a good idea. When the system is first installed, an administrator enables auditing and creates the auditor account. Once the auditor is given control of the account, he or she can change the password to ensure that the administrator can no longer access it. The auditor can track the activities of the administrator but not perform any other tasks that the administrator can perform.

Generic Administrator Task List

Here's the generic list of administrator tasks. We pulled it out of the last edition to save space, but some readers requested it for use in job descriptions and service contracts:

  • Install servers.

  • Create the initial administrator password.

  • Change the administrator password periodically for security reasons.

  • In a directory services environment, administer the directory tree.

  • Create directory structures for programs and data on servers.

  • Install applications.

  • Create, manage, and delete user accounts.

  • Set logon and access restriction policies.

  • Designate users as managers with special rights to manage systems and other users.

  • Troubleshoot system problems and failures.

  • Ensure that system security features such as authentication systems, access controls, and firewalls are properly installed and configured.

  • Ensure that data is properly protected with backup procedures and system fault tolerance (SFT) features.

  • Ensure that systems are physically secure. Malicious users have an easier time breaking into systems if they are at the system, rather than accessing it over the network.

  • Monitor the system for malicious activity. This includes running monitoring tools and evaluating activity logs.

  • Recommend new equipment or manage the expansion of the network when it becomes overloaded.

  • Consider the repercussions of being the person of last resort to call during critical events such as system failures or disasters.

  • Put training classes and conferences into your IT budget so you can keep up to date.

  • Monitor the performance and integrity of the network.

  • Purchase cable-testing equipment and protocol analyzers to troubleshoot your networks if they are large enough to justify it.

  • Build a network-testing platform so you can try new software and hardware, and experiment with new network technologies.

  • Handle whining users with diplomacy.

  • Increase help desk budget so you can hire someone else to handle whining users.



Copyright (c) 2001 Tom Sheldon and Big Sur Multimedia.
All rights reserved under Pan American and International copyright conventions.