Solved

Limit Access for remote user

Posted on 2006-10-19
3
140 Views
Last Modified: 2013-12-04
Hi there
We are in the process of having a new warehouse system put in and the Company who are supplying the new system want to have remote access so that they can do software upgrades, troubleshooting etc.
We have assigned a VPN User name and password and a Windows user name and password. The remote support worker said that he needed to be given administrative rights and put himself into the administrators group.
We have 2 main servers, a Windows 2003 R2 server and a SQL 2005 server. The software is installed on the SQL Server box and I think it is this box the remote support worker would need access to.
What I am concerned about is that if this user is logging on remotely as an administrator for the domain he can do pretty much whatever he likes, including looking at company data files.
How can I give this user sufficient access to the SQL Server, so that he can install software and make changes to the server but limited or even no access to AD or data files?
0
Question by:boders67
3 Comments
 
LVL 25

Accepted Solution

by:
mikeleebrla earned 125 total points
ID: 17765779
Is the box that he needs to get into a domain controller or a member server?
If it is a member server then all you have to do is give them a LOCAL account with admin rights and not a domain account. That way they will not have access to AD at all. You can then just put deny rights on any company data files for this account you give them. BUT, since they are a local admin, they could always give themselves ownership of the files/folders and give themselves rights. But in that case it will be clear that they gave themselves rights (against your wishes). As always, have them sign some type of legal document before giving them access to your network. See your corporate attorney so the wording of this document is correct.

0
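The member-server setup described in the accepted answer above, as an added example that is not part of the original thread: it creates a local vendor account, places an inherited Deny entry on a data folder, and lists any item where that entry has gone or the vendor account has become owner. The account name `vendor-support`, the path `D:\CompanyData` and the helper `Get-VendorAclDrift` are hypothetical, and the `New-LocalUser` and `Add-LocalGroupMember` cmdlets assume Windows PowerShell 5.1 or later rather than the Windows 2003 tooling of the thread.

```powershell
# Added example. Run elevated on the MEMBER server; a domain controller has
# no local accounts, so this approach does not apply there.
$account  = 'vendor-support'      # hypothetical account name
$dataPath = 'D:\CompanyData'      # hypothetical data folder
$identity = "$env:COMPUTERNAME\$account"

# 1. Local account only: it has no domain identity and therefore no rights in AD.
$password = Read-Host -AsSecureString "Password for $account"
New-LocalUser -Name $account -Password $password -Description 'Vendor remote support'
Add-LocalGroupMember -Group 'Administrators' -Member $account

# 2. Explicit Deny entry for that account on the data folder, inherited by
#    every file and subfolder below it.
$acl  = Get-Acl -Path $dataPath
$deny = New-Object System.Security.AccessControl.FileSystemAccessRule(
    $identity, 'FullControl', 'ContainerInherit,ObjectInherit', 'None', 'Deny')
$acl.AddAccessRule($deny)
Set-Acl -Path $dataPath -AclObject $acl

# 3. A local administrator can still take ownership and rewrite the ACL, so
#    check afterwards: report every item whose owner is the vendor account or
#    whose Deny entry for that account is no longer present.
function Get-VendorAclDrift {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $Identity
    )
    $items = @(Get-Item -Path $Path) + @(Get-ChildItem -Path $Path -Recurse -Force)
    foreach ($item in $items) {
        $itemAcl = Get-Acl -Path $item.FullName
        $hasDeny = $itemAcl.Access | Where-Object {
            $_.IdentityReference.Value -eq $Identity -and
            $_.AccessControlType -eq 'Deny'
        }
        if ($itemAcl.Owner -eq $Identity -or -not $hasDeny) {
            [pscustomobject]@{
                Path        = $item.FullName
                Owner       = $itemAcl.Owner
                DenyPresent = [bool]$hasDeny
            }
        }
    }
}

# Run after each support session; an empty result means nothing was changed.
Get-VendorAclDrift -Path $dataPath -Identity $identity
```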
 

Author Comment

by:boders67
ID: 17766092
Thanks for your answer.
The box he needs access to is also a domain controller.
0
 
LVL 16

Expert Comment

by:legalsrl
ID: 17772557
I have to agree with Mike on this one.....

Any support relationship is down to trust.......you have to trust him to act in the best interest of your business.

As Mike said, get a Non Disclosure Agreement in place and refuse him access until he complies with that (obviously unless you've got an immediate problem)

If the box is a domain controller, then he pretty much has access as much as he likes.......

What I would suggest if you are uneasy about it, then install VNC on the server and change his password so that he doesn't know it.   At least when you ring him, you give him a session password for VNC and you can watch what he is doing on the console.  Once he has finished the work you want carried out, then change the password back to something he doesn't know.

Obviously it's not very trusting, and hopefully that would develop over a period of time, but certainly get a Non Disclosure Agreement in place.

Cheers
Si
0