Kaseya Community

Is it Possible - IT Local Administrator

  • Hi All,

    A quick is it possible - As part of our managed services setup we have an option called IT manager option (or something like that) basically what it is - if we have a client who has a local administrator working on the site we sell them this option - we install the agent on all machines and then we agree to look after the servers and firewalls and the like but the local admin looks after the pc's. He/She is given a login to kaseya and can see only that computer group. The problem is - if I give them access to the group they will see all machines on that group including servers, so if they start playing with scripts they could affect the servers too which is what we are supposed to be managing.

    Question - is there anyway to control this problem?

    I did think maybe of creating a sub group and putting all the pc's into that sub group but not sure if I can just limit access to the sub group. And then we manage the main group which would consist of all the servers.

    Any thoughts would be greatly appreciated.

    Michael.

    Legacy Forum Name: Is it Possible - IT Local Administrator,
    Legacy Posted By Username: mmartin
  • Yes. Create a sub group and only give them access to that. You got it right.

    Legacy Forum Name: How-To,
    Legacy Posted By Username: far182
  • Sub Group or Different group is the only way I know to do this, sounds like you are on the right track.

    Legacy Forum Name: How-To,
    Legacy Posted By Username: jasonb
  • How exactly do you setup administrative access to a specific sub group after it has been created?

    Legacy Forum Name: How-To,
    Legacy Posted By Username: Resistance2Fly
  • I think I recall this in the correct order.

    1. Create a sub-machine group from the System tab (select the root machine group in the pull down, then name the subgroup something like wks or workstations).

    2. Sort your view down to Workstations and copy those to the new sub-group.

    3. Create a new admin role (make it specific to the client name so its easy to identify against any other roles you may have created).

    4. Go to Group Acces, select the new admin role, and apply that sub-group to them.

    That's a simple version. You can also limit their access to features under the Function Access section as well as limit the hours they can login.

    If I goofed any of this, please say so.

    Tyler

    Legacy Forum Name: How-To,
    Legacy Posted By Username: genix-tyler
  • Got it, thanks!

    Legacy Forum Name: How-To,
    Legacy Posted By Username: Resistance2Fly