
- The Where – an account with local access rights on multiple Windows servers can log onto more than just the one server you intended. Do you want to limit access to a small number of servers or devices?
- The How – Sticking with the Windows example, do you want someone to be able to only log on when physically present at the server? Via MSTSC (or PuTTY in the case of Unix)? Or only use the credentials to remotely manage parts of a server, such as services?
- The What – This is the big one; what are they specifically doing while logged on? You should be thinking about whether you want to be able to shadow a session, pause and/or kill it, and even record it for later playback.

Nick Cavalancia, Founder/Chief, Techvangelism
Nick Cavalancia has over 20 years of enterprise IT experience, 10 years as a tech marketing executive and is an accomplished technology writer, consultant, trainer, speaker, and columnist.
Nick has attained industry certifications including MCNE, MCNI, MCSE and MCT and was once accused at TechEd of "not having enough digits" in his MCP number (which only has 5). He has authored, co-authored and contributed to over a dozen books on Windows, Active Directory, Exchange and other Microsoft technologies and has spoken at many technical conferences on a wide variety of topics.
Previously, Nick has held executive marketing positions at ScriptLogic (acquired by Quest, now DELL Software), SpectorSoft and Netwrix where he was responsible for the global messaging, branding, lead generation and demand generation strategies to market technology solutions to an IT-centric customer base.