IT Baseline Protection Manual

S 2.38 Division of administrator roles in PC networks

Initiation responsibility: Head of IT Section, IT Security Management

Implementation responsibility: Administrators

Many networked systems offer the possibility to divide the administrator role and to allocate administrator activities to various users.

Thus, for instance, the following administrator roles can be set up under Novell Netware 3.11: Workgroup Manager, User Account Manager, File Server Console Operator, Print Server Operator, Print Queue Operator.

Under Windows NT, defined administrator roles can be created for individual users or, preferably, for groups by the controlled allocation of user privileges. Besides the Administrators group, the following built-in groups deserve mention: Power Users (i.e. administrators with restricted privileges), Backup Operators, Print Operators, Server Operators and Replicator operators. Additionally, further roles can be defined via the explicit allocation of user privileges (see also S 4.50 Structured system administration under Windows NT).

Where administrator roles exist for specialised tasks, they should be made use of. Especially in large systems, where administration tasks must be entrusted to a number of persons, the risk of administrator roles holding excessive powers of control can be reduced by an appropriate division of responsibilities, so that no administrator is able to make unauthorised or unintentional changes to the system without being subject to control.
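As an added example (not part of the BSI manual), the following Python script audits a constructed account-to-role table for the division the text asks for: only the supervisor account holds the unrestricted role, and no sub-administrator role, alone or in combination, grants the right to change rights or adds up to the supervisor's full privilege set. The role names follow the Windows NT groups listed above; the privilege vocabulary, the site-defined "Helpdesk" role and the accounts are constructed for illustration.

```python
"""Separation-of-duties audit for divided administrator roles.

Added example, not from the BSI manual. Role names follow the Windows NT groups
named in the text; privilege names, the "Helpdesk" role and the account table
are constructed for illustration.
"""

SUPERVISOR_ROLE = "Administrators"
SUPERVISOR_ACCOUNT = "supervisor"

# Rights that let their holder change who holds which rights. A role that
# grants one of them is a supervisor in all but name.
ESCALATION_RIGHTS = {"manage_rights"}

# Privileges each role grants (constructed vocabulary).
ROLE_PRIVILEGES = {
    "Administrators":   {"manage_users", "manage_rights", "backup", "restore",
                         "manage_printers", "manage_shares", "shutdown"},
    "Power Users":      {"manage_shares", "manage_printers"},
    "Backup Operators": {"backup", "restore", "shutdown"},
    "Print Operators":  {"manage_printers"},
    "Server Operators": {"manage_shares", "shutdown"},
    "Replicator":       {"replicate"},
    # Site-defined role built from explicit grants, as the text allows.
    # Constructed: it was mistakenly given the right to change rights.
    "Helpdesk":         {"manage_users", "manage_rights"},
}

# Constructed account -> roles table.
ASSIGNMENTS = {
    "supervisor": {"Administrators"},
    "alice":      {"Backup Operators"},
    "bob":        {"Print Operators", "Server Operators"},
    "carol":      {"Helpdesk"},
    "dave":       {"Administrators", "Backup Operators"},
}


def effective_privileges(roles, role_privileges=ROLE_PRIVILEGES):
    """Union of the privileges granted by all of an account's roles."""
    privs = set()
    for role in roles:
        privs |= role_privileges[role]
    return privs


def audit(assignments=ASSIGNMENTS, role_privileges=ROLE_PRIVILEGES):
    """Return (subject, finding) pairs; an empty list means the division holds."""
    findings = []
    full = role_privileges[SUPERVISOR_ROLE]

    # 1. A sub-administrator role must not be able to expand its own rights.
    for role, privs in sorted(role_privileges.items()):
        if role != SUPERVISOR_ROLE and privs & ESCALATION_RIGHTS:
            findings.append((role, "role grants the right to change rights"))

    for account, roles in sorted(assignments.items()):
        if account == SUPERVISOR_ACCOUNT:
            continue
        # 2. Only the supervisor account may hold the unrestricted role.
        if SUPERVISOR_ROLE in roles:
            findings.append((account, "holds the unrestricted role"))
            continue
        # 3. Combined roles must not add up to supervisor power.
        privs = effective_privileges(roles, role_privileges)
        if privs >= full or privs & ESCALATION_RIGHTS:
            findings.append((account, "combined roles reach supervisor power"))
    return findings


if __name__ == "__main__":
    for subject, finding in audit():
        print(f"{subject}: {finding}")
```

Run against the constructed table, the audit reports the "Helpdesk" role (it can change rights), "carol" (who holds it) and "dave" (who holds the unrestricted role although he is not the supervisor); "alice" and "bob" pass because their operator roles, even combined, stay well short of the supervisor's privilege set.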

Despite the division of administrator roles, the system will in most cases automatically set up an account for an administrator who is not subject to any restrictions, i.e. the supervisor. The supervisor password may be known only to a small number of people. It must not be known to any of the sub-administrators, so that they cannot expand their rights in this way. The password must be safely deposited (see S 2.22 Depositing of passwords). The supervisor log-in can additionally be protected by applying the two-person rule, e.g. by organisational measures such as a split password. In that case, the password must have an extended minimum length (12 characters or more), and it must be ensured that the system checks the password in its full minimum length (some systems silently ignore characters beyond a fixed limit, which would defeat the split).
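As an added example (not part of the BSI manual), the following Python script models the split-password two-person rule for the supervisor account and includes the check the text calls for: that the logon really compares the full password rather than a leading part of it. The verifiers are simulated; one hashes the whole password, the other truncates candidates at 8 characters in the manner of traditional DES-based crypt(3). The custodian roles and sample passwords are constructed.

```python
"""Two-person rule for the supervisor password via a split password, with a
check that the logon really compares the full password.

Added example, not from the BSI manual. The verifiers are simulated: one hashes
the whole password, the other silently truncates candidates at 8 characters in
the manner of traditional DES-based crypt(3). Custodian roles are constructed.
"""
import hashlib
import hmac
import os
import secrets
import string

MIN_LENGTH = 12  # extended minimum length required for a split password


def make_verifier(password, truncate_at=None):
    """Build a check function over a salted hash of `password`.

    truncate_at simulates a system that ignores trailing characters."""
    salt = os.urandom(16)

    def digest(candidate):
        if truncate_at is not None:
            candidate = candidate[:truncate_at]
        return hashlib.pbkdf2_hmac("sha256", candidate.encode(), salt, 10_000)

    stored = digest(password)
    return lambda candidate: hmac.compare_digest(stored, digest(candidate))


def make_split_password(length=MIN_LENGTH):
    """Generate the supervisor password and hand one half to each custodian."""
    if length < MIN_LENGTH:
        raise ValueError(f"split password must have at least {MIN_LENGTH} characters")
    alphabet = string.ascii_letters + string.digits
    password = "".join(secrets.choice(alphabet) for _ in range(length))
    half = length // 2
    return password[:half], password[half:]  # custodian A, custodian B


def supervisor_logon(part_a, part_b, verify):
    """Both custodians type their part; only the concatenation is checked."""
    return verify(part_a + part_b)


def checks_full_length(verify, password):
    """True if the system distinguishes a password from one that differs only
    in its last character. A truncating system accepts both, which means the
    second custodian's part is partly or wholly ignored."""
    if len(password) < MIN_LENGTH:
        raise ValueError("password shorter than the required minimum length")
    last = password[-1]
    altered = password[:-1] + ("a" if last != "a" else "b")
    return verify(password) and not verify(altered)


def demo(length=14):
    """Exercise the rule against a proper and a truncating verifier."""
    part_a, part_b = make_split_password(length)
    full = part_a + part_b
    proper = make_verifier(full)
    truncating = make_verifier(full, truncate_at=8)
    return {
        "logon_with_both_parts": supervisor_logon(part_a, part_b, proper),
        "one_part_alone_rejected": not proper(part_a) and not proper(part_b),
        "full_length_checked": checks_full_length(proper, full),
        "truncating_system_detected": not checks_full_length(truncating, full),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'ok' if ok else 'FAIL'}")
```

The `checks_full_length` probe is the part worth reusing against a real system before relying on a split password: with a 14-character password and a verifier that only looks at the first 8 characters, the altered password is accepted too, and the second custodian's half protects nothing.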

Additional controls:


© Copyright by
Bundesamt für Sicherheit in der Informationstechnik
July 1999