We are in the process of having a new warehouse system put in and the Company who are supplying the new system want to have remote access so that they can do software upgrades, troubleshooting etc.
We have assigned a VPN User name and password and a Windows user name and password. The remote support worker said that he needed to be given administrative rights and put himself into the administrators group.
We have 2 main servers, a windows 2003 R2 server and a SQL 2005 server. The software is installed on the SQL Server box and I think it is this box the remote supprt worker would need to access to.
What I am concerned about is that if this user is logging on remotely as an administrator for the domain he can do pretty much whatever he likes, including looking at company data files.
How can I give this user sufficient access to the SQL Server, so that he can install software and make changes to the server but limited or even no access to AD or data files?