Implement a rule for physical access to the server room

Tags: physical-security, server-room

We have a server room and right now it's like the wild west: the strongest one can get in and do whatever he wants.
I would like to prepare a list of rules to follow to monitor access and understand who got in, so we can track who did what to troubleshoot problems or understand if someone stole gear.

I thought about keeping the keys in a single, secure place and giving them only to a person who signs a register when taking the keys and when giving them back (both signatures with time details).

Is it a good idea?
Can it be improved without messing too much with people who need to work fast?

Thanks!

Best Answer

Don't use keys, use access cards: access cards can be logged.

Institute a policy of documentation to track changes: the access logs will be a backup only, so if someone forgets to log a change to the system you can ask them. Every change should be written up afterwards.

Most importantly: if you don't trust your admins, get new ones. It's impossible to force limits on an admin's access to your network. It's counter-productive and will alienate them.

If the problem is just one of everyone trying to do what they think best and interfering with each other, consider selecting a chief admin. This can be difficult; some sysadmins (while competent) are poor at relationship-managing and consensus-building. If you have such an admin, count yourself lucky, give them more responsibility, and a pay raise.