We have some dedicated volunteers in our missions department that have their own email addresses and access to the missions file shares on the network. This makes me nervous since they have “official” accounts that carry the same weight as staff accounts.
What would you consider best practices for accounts like this?
We do have a “volunteer” group we put them in that prohibits them from accessing certain areas regardless of other group membership (in fact, I believe this is the only reason we use “forbid” permissions at all on the fileserver).
I’ve considered a volunteer domain (i.e. email@example.com).
We have generic volunteer accounts that are used in rotation that are severely limited, but I’m thinking more for the “full time volunteers” that are here 10+ hours a week on a regular schedule that might need a higher level of access.
What do you do for volunteers of this nature?