Create an account Home  ·  Topics  ·  Downloads  ·  Your Account  ·  Submit News  ·  Top 10  
· Home
· Content
· Feedback
· News
· Search
· Statistics
· Surveys
· Top
· Topics
· Web Links
· Your_Account


The five ITIL books can be obtained directly from the publisher's website:

Or as downloadable PDFs: HERE

Current Membership

Latest: Lblawfhz
New Today: 35
New Yesterday: 33
Overall: 231683

People Online:
Visitors: 80
Members: 1
Total: 81 .



Don't have an account yet? You can create one. As a registered user you have some advantages like theme manager, comments configuration and post comments with your name.

Related Resources

Service related resources
Service Level Agreement

How to set up
IT Change Management
Process Info-Graphic

NOTE: ģ ITIL is a registered trademark of OGC. This portal is totally independent and is in no way related to them. See our Feedback Page for more information.


Select Interface Language:

Please contact us via the feedback page to discuss advertising rates.

The Itil Community Forum: Forums

ITIL :: View topic - Help Desk Priveledged Accounts Question
 Forum FAQForum FAQ   SearchSearch   UsergroupsUsergroups   ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

Help Desk Priveledged Accounts Question

Post new topic   Reply to topic    ITIL Forum Index -> The ITIL Service Desk
View previous topic :: View next topic  
Author Message

Joined: Feb 04, 2008
Posts: 1

PostPosted: Tue Feb 05, 2008 12:09 am    Post subject: Help Desk Priveledged Accounts Question Reply with quote

Our organization provides the Support Desk staff with a user account and a priveledged user account that gives them limited administrative rights on the network.

I believe that this policy was implemented to provide a fail safe so that the HD would think twice before doing things and to ensure that they are truly doing things that they should be doing.

The administrator who implemented this is no longer with the company and my new Manager is questioning it's validity and logic.

My question is what does ITIL say about providing priveledged accounts to users on the Help Desk? What is the Best Practice and/or does anyone have any other suggestions on how to keep the network secure from erros and oversites?
Back to top
View user's profile
Senior Itiler

Joined: May 07, 2005
Posts: 121
Location: UK

PostPosted: Tue Feb 05, 2008 12:44 am    Post subject: Reply with quote

In general isn't it desirable to have as much front-line fix capability as possible?

Sending lots of queries to 2nd & 3rd line resources is costly and not the best customer experience you can get.

In that sense - and unless I'm missing something from your query - I'd say keep the capability at Service Desk.
Back to top
View user's profile Send e-mail
Senior Itiler

Joined: Sep 05, 2007
Posts: 57

PostPosted: Tue Feb 05, 2008 12:44 am    Post subject: Reply with quote

I donít think ITIL gives details about this topic. Respecting the ITIL point of view (and good sense) the more the service desk staff is able to provide directly a solution to the incidents the better your service desk will react.

You should give privileged account to service desk operator in relation with their skills/knowledge. I think this is a valid way to make the service desk truly reactive (and not only the personal assistant of the 2nd level specialist) and to qualify the service desk employees.

But of course donít give the keys of the car to someone with no driving license!

Back to top
View user's profile
Senior Itiler

Joined: Jan 03, 2007
Posts: 189
Location: Redmond, WA

PostPosted: Tue Feb 05, 2008 1:10 am    Post subject: Reply with quote

I will agree with everyone else that ITIL doesn't say anything specific about who should be performing specific IT operations. I also agree that putting the tools in the Service Desk's hands to resolve issues on first call is a good idea (assuming that they know what they are doing). I would have issue (as would a security audit) on the sharing of the privileged account.

You lose your accountability for actions taken with a shared account. If you trust your analysts to perform privileged actions, then give their named accounts those rights. That way you can't have a disgruntled employee wreck your network anonymously.

Back to top
View user's profile
Senior Itiler

Joined: Oct 12, 2007
Posts: 306
Location: Ireland

PostPosted: Tue Feb 05, 2008 5:47 am    Post subject: Reply with quote

WHat ITIL does say is to look at increasing your capabilities to resolve issues at first contact via the Service Desk - reduce other costs of support ect.

So if having elevated access at the Service Desk does this in a COntrolled and Security enabled way - then yes it is valid to do this. look into the securoty aspect and ensure tat this does not alloe for a security breach.
Mark O'Loughlin
ITSM / ITIL Consultant
Back to top
View user's profile

Joined: Feb 20, 2008
Posts: 5

PostPosted: Wed Feb 20, 2008 7:24 pm    Post subject: Reply with quote


ITIL v3 does speak to the Super User role within an organization. I would make careful consideration to allocating Super User access to a Service Desk Agent. As controls for Security Audit conformance would get very muddy quickly and that wouldn't be a desired scenario. If you do perform the resource leveraging in that manner, prior to implementation ensure there is a well documented process that outlines the controls in place and the specific criteria for utilizing the Super User access. Hope this helps.

Very Happy
Back to top
View user's profile
Display posts from previous:   
Post new topic   Reply to topic    ITIL Forum Index -> The ITIL Service Desk All times are GMT + 10 Hours
Page 1 of 1

Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Powered by phpBB 2.0.8 © 2001 phpBB Group
phpBB port v2.1 based on Tom Nitzschner's phpbb2.0.6 upgraded to phpBB 2.0.4 standalone was developed and tested by:
ArtificialIntel, ChatServ, mikem,
sixonetonoffun and Paul Laudanski (aka Zhen-Xjell).

Version 2.1 by Nuke Cops © 2003

Forums ©


Logos/trademarks property of respective owner. Comments property of poster. Rest © 2004 Itil Community for Service Management & Foundation Certification. SV
Site source copyright (c)2003, and is Free Software under the GNU / GPL licence. All Rights Are Reserved.