Office of Technology Services
Knowledge Center Article

 

FAQ for Server Administrator (-Admin) NetID Owners (Article #755)


Created on June 22, 2010
Last Modified on June 25, 2021
Technical Level:  Intermediate
Audience:  Faculty/Staff

   




 

This FAQ is primarily intended for OTS and campus IT staff who manage servers and/or applications and services.

Server Admin NetIDs provide a way for OTS and campus IT staff to obtain and use privileged access for managing Windows and Linux servers and also for managing applications and services that are integrated with Active Directory. These accounts are treated as separate from regular faculty/staff NetIDs to provide additional security. Server Admin NetIDs end with “-admin”. More information about different types of NetIDs can be found at www.towson.edu/netid.

 

How do I request a new Server Admin NetID?

  1. Log into the NetID Management site: https://netid.towson.edu
  2. Navigate to the 'Requests' tab, and choose 'Request Access or NetID'
  3. Select 'Create New User'
  4. From the drop-down, choose Server Admin NetID and click 'Next'
  5. Enter the NetID of the Faculty/Staff member you are requesting a Server Admin NetID for. The form defaults to the user currently logged in. Hit Tab or click away and the form will auto-complete the necessary account details.
  6. Choose 'Yes' in 'Confirm Account Creation' and then 'Done'
  7. In the comments box at the bottom, include any additional access that is needed (e.g. server access) and an engineer will follow up with you by creating an SR.

 

Why do I need a separate account to have administrative access to a server?

  • The main purpose is to separate an individual’s regular faculty/staff (or student employee) credentials and permissions from privileged access required for administrative duties. This follows security best practices, reduces audit exposure, and improves security on systems and across the network.
  • To comply with OTS and University policies governing privileged access, audit, and regulatory compliance, you must use a Server Admin NetID to manage servers. The individual policies referred to here are accessible from the OTS SharePoint site: https://tu.sharepoint.com/sites/ots/OTS%20Policies/Forms/OTSPolicies.aspx. All non-OTS staff may request a copy of the policy from the Director of Enterprise and Infrastructure Services.

 

Who is affected by this policy?

This policy pertains to anyone requiring administrator access rights to one or more servers in the Data Centers. All servers (Windows, Linux, or other OS) that are added to the Active Directory (“towson.edu”) domain are affected by this policy.

Faculty/staff may be granted Server Admin NetIDs, and in rare cases, student employees may be granted Server Admin NetIDs.

Guest NetIDs are not affected by this policy. Instances where guests require server access are usually rare. Guests who need access to servers will not require separate Server Admin NetIDs.

 

What rights does the Server Admin NetID have?

When access rights to specific servers are needed, administrative privileges will most likely be granted, limited to the servers that need to be managed or accessed. This level of permission provides the Server Admin NetID owner with the ability to perform all administrative functions on a server hosted in the OTS-managed Data Centers, including the installation and removal of software.

Administrator access is not always required; OTS will assist in identifying administrator access requirements.

Server Admin NetIDs are all members of one or more server administrator groups in Active Directory; these groups are used to grant administrative access to servers. Using Active Directory groups simplifies administrative account management and improves OTS’s ability to perform periodic audits of administrative accounts on servers. Individual Server Admin NetIDs should not be added directly to a local Administrators group on a Windows server.
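The following is an added example, not OTS tooling or part of the original article: a PowerShell check for the rule above that lists members of a server's local Administrators group and flags any account added directly rather than through an Active Directory group. The domain short name TOWSON, the server name SRV01, every sample member name, and the choice to ignore the built-in local Administrator account are assumptions made for illustration.

```powershell
# Added example: flag accounts placed directly in the local Administrators group.
# The "-admin" suffix comes from this article; all sample names are constructed.

function Find-DirectAdminMember {
    param(
        # Objects shaped like Get-LocalGroupMember output:
        # Name (DOMAIN\account), ObjectClass (User/Group), PrincipalSource.
        [Parameter(Mandatory)] [object[]] $Members,
        # Local accounts to ignore (assumption: built-in Administrator is expected).
        [string[]] $AllowedLocalAccounts = @('Administrator')
    )
    foreach ($m in $Members) {
        # Strip the DOMAIN\ or COMPUTER\ prefix to get the bare account name.
        $account = ($m.Name -split '\\')[-1]

        # Access granted through a group is the expected, auditable path.
        if ($m.ObjectClass -eq 'Group') { continue }
        if ($m.PrincipalSource -eq 'Local' -and
            $AllowedLocalAccounts -contains $account) { continue }

        [pscustomobject]@{
            Member  = $m.Name
            Source  = $m.PrincipalSource
            Finding = if ($account -like '*-admin') {
                'Server Admin NetID added directly; grant through an AD group'
            } else {
                'Individual account in local Administrators; review'
            }
        }
    }
}

# Constructed sample standing in for the output of:
#   Get-LocalGroupMember -SID 'S-1-5-32-544'   # built-in Administrators group
$sample = @(
    [pscustomobject]@{ Name = 'SRV01\Administrator';     ObjectClass = 'User';  PrincipalSource = 'Local' }
    [pscustomobject]@{ Name = 'TOWSON\Domain Admins';    ObjectClass = 'Group'; PrincipalSource = 'ActiveDirectory' }
    [pscustomobject]@{ Name = 'TOWSON\App-ServerAdmins'; ObjectClass = 'Group'; PrincipalSource = 'ActiveDirectory' }
    [pscustomobject]@{ Name = 'TOWSON\jdoe1-admin';      ObjectClass = 'User';  PrincipalSource = 'ActiveDirectory' }
    [pscustomobject]@{ Name = 'TOWSON\jdoe1';            ObjectClass = 'User';  PrincipalSource = 'ActiveDirectory' }
    [pscustomobject]@{ Name = 'SRV01\svc-backup';        ObjectClass = 'User';  PrincipalSource = 'Local' }
)

Find-DirectAdminMember -Members $sample | Format-Table -AutoSize
```

On a live Windows server, pass the output of `Get-LocalGroupMember -SID 'S-1-5-32-544'` to `-Members` in place of the constructed sample.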

 

How do I request administrative access to a specific server for my Server Admin NetID?

Contact the OTS Help Center to request administrative access to a server (or servers).  This request must be made by someone who has existing administrative access to the server (or servers).  A TechHelp service request (SR) will be created to track the progress of the request.  Be prepared to provide a justification of the need.  A systems engineer will add the permissions and notify you.

Special Note: Eventually this process will be moved to self-service within NetID Management (https://netid.towson.edu). This is scheduled for 'Phase 2' of the OTS IAM project. This document will be updated with the server access request process, once that functionality has been added.

 

How do I change my Server Admin NetID password?

Your Server Admin NetID password expires every 90 days. Starting several days before it expires, you will receive an email notifying you that the password is about to expire. Instructions for changing your password will be provided in the email; the password can only be changed using the NetID Management site: https://netid.towson.edu. The NetID Management site offers two distinct methods of resetting a forgotten or expired password.

The following steps are for the 'Forgot Password' feature. Neither of these features can be used until you claim the Server Admin NetID.

  1. Access the 'Forgot Password' feature of the NetID Management site https://netid.towson.edu/identity/self-service/tow/kiosk.jsf
  2. Select your NetID Type, enter your Legal Last Name, TUID, Date of Birth, and fill in the Google Captcha.
  3. Enter the required answers to the two randomly-selected Security Questions.
  4. Choose a new password, and consult the password guideline checklist at the bottom right-hand corner of the interface. You should now be able to log into the NetID Management site with your new password.

The following steps are for the 'One-Time Passcode Reset' feature.

  1. Access the 'One-Time Passcode Reset' feature of the NetID Management site https://netid.towson.edu/identity/self-service/tow/smsreset.jsf
  2. Select your NetID Type, enter your Legal Last Name, TUID, Date of Birth, fill in the Google Captcha, and click the checkbox acknowledging you consent to receiving text messages on your mobile device.
  3. Select your preferred contact method, and click "Sent One-Time Passcode"
  4. Enter the passcode you received.
  5. Choose a new password, and consult the password guideline checklist at the bottom right-hand corner of the interface. You should now be able to log into the NetID Management site with your new password.

For more information about your accounts and how to manage them, visit the NetIDs page on the university website: https://www.towson.edu/netid.

 

How do I access a server using my Server Admin NetID?

  • Windows servers: Use the Remote Desktop Gateway service. 
    • You must have already been granted administrative access to the server. If you are unsure, or need to request access, please consult the section above entitled: “How do I request administrative access to a specific server for my Server Admin NetID?”
    • For general information regarding the Remote Desktop Gateway service, visit: http://remotedesktop.towson.edu. For advanced configuration details, refer to the following KB article: https://www.towson.edu/knowledgecenter/article.aspx?article=745
    • RDP to servers requires Duo. You will need to enroll Duo MFA devices for your Server Admin NetID. Instructions for enrolling your devices for your NetIDs are available at https://towson.edu/duo

  • Linux servers: SSH is available from on-campus, via VPN, from Windows Admin VMs, or from the Towson Desktop on Virtual Workspace.
  • Appliances and other servers: Discuss with your manager, or with the EIS Senior Systems Architect.

 

Can I access my H: drive on Windows servers when using my Server Admin NetID?

Faculty and staff with Server Admin NetIDs will have access to their regular H: drives using their Server Admin NetIDs. However, any student employees who have received Server Admin NetIDs will be unable to access their H: drives with their Server Admin NetIDs. H: drives are not available on Linux servers (except by homeshare UNC path).

 

Can I copy files from my workstation to the server?

  • Via H:\ drive (or homeshare UNC path): When logged in to a server, faculty and staff can copy files to/from their H: drive to/from the server.
  • Copy/Paste through RDP: In addition, a copy-and-paste feature is available through Remote Desktop for servers. Copying-and-pasting of text, images, files and other content is supported.
  • Linux: SFTP and SCP are acceptable methods for file transfers.

 

Additional keywords:  Server Admin Account, Server Admin Username, Admin Account, -Admin Account, server administrator account



The Knowledge Center is available at http://www.towson.edu/knowledgecenter.