Server Administrator NetIDs provide a way for IT staff to be granted administrative access to Windows servers, Linux servers or other Active Directory-integrated services. They are treated as separate from regular faculty/staff NetIDs to provide additional security. The Server Admin NetIDs end with “-admin“. More information about different types of NetIDs can be found in the AD Design Notebook:
This FAQ is intended primarily for Server Admin NetID owners, as well as OTS staff supporting them.
Why do I need a separate account to have administrative access to a server?
To be compliant with the Administrative Access to Windows Servers Policy, you must use a Server Admin NetID to access Windows- or Linux-based servers. The Administrative Access to Windows Servers Policy is available to OTS staff from the following SharePoint link:
Administrator Access to Windows Servers.docx
All non-OTS staff may request a copy of the policy from the Director of Enterprise and Infrastructure Services.
How do I request new server administrative access (new Server Admin NetID) from OTS?
Note: You can also reference this Knowledge Center article from the NetID Tools page (http://www.towson.edu/netid) and click the Instructions for Requesting and Maintaining a Server Admin NetID link under the Campus IT Staff Tools section.
What is the purpose of this policy?
The purpose of this policy is to separate an individual’s regular faculty/staff credentials from those used for administrative duties. This follows security best practices, reduces auditor comments and improves security in the server networks.
Who is affected by this policy?
This policy pertains to anyone requiring administrator access rights to one or more servers in the Data Centers. All Windows and Linux servers that are added to the Active Directory (”towsonu”) domain are affected by this policy.
Faculty/staff may be granted Server Admin NetIDs, and in rare cases, student employees may be granted Server Admin NetIDs.
Affiliate (vendor) NetIDs are not affected -- affiliates do not receive separate Server Admin NetIDs.
What rights will the administrative account have?
Administrator access rights to Windows or Linux servers provide the Server Admin NetID owner with the ability to perform all administrative functions on a server hosted in the OTS-managed Data Centers, including the installation/removal of software.
Administrator access is not always required; OTS will assist in identifying administrator access requirements.
Server Admin NetIDs are all members of one or more server administrator groups in Active Directory; these groups are used to grant administrative access to servers. Using Active Directory groups simplifies administrative account management and improves OTS’s ability to perform periodic audit on administrative accounts on servers. Individual Server Admin NetIDs should not be added directly to a local Administrators group on a Windows server.
How do I request administrative access to a specific server for my Server Admin NetID?
Contact the OTS Help Center to request administrative access to a server (or servers). This request must be made by someone who has existing administrative access to the server (or servers). A technical service request (TSR) will be created to track the progress of the request. Be prepared to provide a justification of the need. A systems engineer will add the permissions and notify you.
How do I change my Server Admin NetID password?
Your Server Admin NetID password expires every 90 days. You will receive an email notifying you when the password will expire, starting 10 days before it expires. Instructions are provided in the e-mail -- the password can be changed either by:
A user whose password has been forgotten or expired must contact the Help Center so a TechHelp Service Request can be created. A Help Center staff member can send you an e-mail with a single-use web link to reset your Server Admin NetID password.
How do I access the server using my Server Admin NetID?
To access Windows servers, you must use the Remote Desktop Gateway service. Also, you must have already been granted administrative access to the server. For general information regarding the Remote Desktop Gateway service, visit: http://remotedesktop.towson.edu. For advanced configuration details, refer to the following KB article: https://www.towson.edu/knowledgecenter/article.aspx?article=745
To access Linux servers, SSH will be available from on-campus or within Virtual Workspace.
Can I access my H: drive on Windows servers when using my Server Admin NetID?
Faculty and staff with Server Admin NetIDs will have access to their regular H: drives using their Server Admin NetIDs.
However, any student employees who have received Server Admin NetIDs will be unable to access their H: drives with their Server Admin NetIDs.
H: drives are not available on Linux servers.
Can I copy files from my workstation to the server?
For Windows servers, when logged in to a server, faculty and staff can copy files to/from their H: drive to/from the server. In addition, a copy-and-paste feature is available through Remote Desktop for servers running Windows 2008 or greater when the workstation being used is running Windows Vista or greater; with these operating systems, copying-and-pasting of text, images, files and other content is supported. Other operating system configurations will only allow the copying of text through the Remote Desktop session.
For Linux servers, SFTP will be available for file transfers.
Additional keywords: Server Admin Account, Server Admin Username, Admin Account, -Admin Account, server administrator account