Hi -
This is my first Augi post, so bear with me....I have been the "default" CAD & IT manager for my 45+ person Architecture firm for the past 3 years, handing everything from new workstation selection and ACAD network deployments to printer setups and file archiving and backup management. We also have two outside IT administrators at my disposal - one for general network & connectivity issues and another for off-site file backup and Exchange hosting. My background is in architecure, not networking or computers, so everything that I know I have learned on the job. Also, I am still managing projects as best I can, until additional capable staff is available.

My firm is growning very quickly, and soon will be operating our of multiple offices in the US. I would like to continue my role as an in-house IT and CAD Manager, but am running into some issues with the office administration, specifically regarding security. For instance, my access to the domain and file servers has been recently taken away, due to issues with file security, and I am no longer able to add or remove computers from our Domain without calling the Newtork Administrator.

Looking for feedback out there from other CAD/IT managers - how do you guys handle file security out there in your firms? How much network administration do you handle yourselves, and how much do you outsource? Do your CAD managers have any access to domain controllers or file servers?

Any advice you can offer is greatly appreciated. Thanks!

For instance, my access to the domain and file servers has been recently taken away, due to issues with file security, and I am no longer able to add or remove computers from our Domain without calling the Newtork Administrator.
Without getting into specific tasks, if a tool is needed to perform your job duties and you don't have access to it, how are you expected to do your job? If your job is digging ditches and they take away your shovel... well you get the picture.... Maybe it's time for a discussion with HR regarding your job description..?



Looking for feedback out there from other CAD/IT managers - how do you guys handle file security out there in your firms? How much network administration do you handle yourselves, and how much do you outsource? Do your CAD managers have any access to domain controllers or file servers?I am in "I.S.", so yes I have access to resources like this. On the other hand, our CAD Managers are more like production managers and they have no need to do tasks like this. I think it varies from business to business, and based on number of employees...

I have to agree with R.K. There are aspects of the job that can require greater access to the domain than a normal user.

In my role as Design Technology Manager, I need to be able to add/remove workstations from the domain, and that need was seen early on. Especially after frequent phone calls to the IT Manager as I was rapidly deploying virtual machines for testing purposes.

However, I do not have full admin rights to the entire domain. I am a member of the local admin group but not the domain group. That's fine. Occasionally I need a new folder created on some network share and be granted full rights to it. However, that's rare enough that I am happy to contact the administrators for such.

Our CAD Manager has far tighter rights than I do, which is fine for that role.

The key is to keep the roles complementary and not adversarial.

The key is to keep the roles complementary and not adversarial.

Plus:
- make sure everybody is dancing to the same tune
- those with rights know what they are doing within those rights

Thanks - all good feedback!

I'll definitely follow up with our network administrator about the "local admin group" vs "domain admin group" that RobertB mentioned. Since our file server is a separate machine from our domain controller, perhaps being a local admin of the domain controller will allow me access to active directory w/o access to secure files on the file server?

There still may be issues with my access to resetting domain passwords, though....our firm will be going through federal audits, and I've been told by HR that its a big nono for internal employees to have unrestricted access to file servers (such as HR & Accounting files), but email access is a little fuzy.

Any of you have experience with federal security requirements and how your firms have addressed this?

You don't have to be a member of domain admins in order to add computer accounts to AD. The right can be explicity assigned without making you a member of domain admins (which you should not be). However, you will need local admin access on workstations if you will be installing/updating software.

Thanks RobertB - I'm checking with my network admin on this today.

Best -