Datacentre - give away admin rights ?

Strange security situation ! A customer is moving their entire Win2K structure (about 50 servers in 1 AD) into a managed datacentre although they will continue to maintain everything from OS up including service packs and of course their application set. The datacenter staff will ensure the machines ping respond and do backups but not much else. The customer owns the hardware and software.

Datacentre people are insisting that all their staff (almost 100 around the world) have full admin rights to all machines. I have advised customer that Datacenter staff should just have a policy applied to give them rights to backup data but no more although customer would give them rights on need basis if required. Datacenter people say that isn't possible and nobody else does it that way !

Is this normal ? What would you guys do ? I've told my customer that based on my experience and training he shouldn't conceed admin rights to so many people - so of course he has asked me to work out a solution !

Assuming I'm right (!) what I could really use is a sort of "best practice" white paper that the customer can take to the datacenter people, anyone seen such a thing anywhere ?

Thanks,


DC

 

 

 

 

Top