Solved

Limit Access for remote user

Posted on 2006-10-19
3
146 Views
Last Modified: 2013-12-04
HI there
We are in the process of having a new warehouse system put in and the Company who are supplying the new system want to have remote access so that they can do software upgrades, troubleshooting etc.
We have assigned a VPN User name and password and a Windows user name and password.  The remote support worker said that he needed to be given administrative rights and put himself into the administrators group.
We have 2 main servers, a windows 2003 R2 server and a SQL 2005 server.  The software is installed on the SQL Server box and I think it is this box the remote supprt worker would need to access to.
What I am concerned about is that if this user is logging on remotely as an administrator for the domain he can do pretty much whatever he likes, including looking at company data files.
How can I give this user sufficient access to the SQL Server, so that he can install software and make changes to the server but limited or even no access to AD or data files?
0
Comment
Question by:boders67
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 25

Accepted Solution

by:
mikeleebrla earned 125 total points
ID: 17765779
is the box that he needs to get into a domain controller or a member server?
if it is a member server then all you have to do is give them a LOCAL account with admin rights and not a domain account.  That way they will not have access to AD at all.  You can then just put deny rights on any company data files for this account you give them.  BUT, since they are a local admin, they could always give themself ownership of the files/folders and give themselves rights.  But in that case it will be clear that they gave themselves rights (against your wishes).  As always, have them sign some type of legal document before giving them access to your network. See your corperate attorney so the wording of this document is correct.

0
 

Author Comment

by:boders67
ID: 17766092
Thanks for your answer.
The box he needs access to is also a domain controller.
0
 
LVL 16

Expert Comment

by:legalsrl
ID: 17772557
I have to agree with Mike on this one.....

Any support relationship is down to trust.......you have to trust him to act in the best interest of your business.

As Mike said, get a Non Disclosure Agreement in place and refuse him access until him complies with that (obviously unless you've got an immediate problem)

If the box is a domain controller, then he pretty much has access as much as he likes.......

What I would suggest if you are uneasy about it, then install VNC on the server and change his password so that he doesn't know it.   At least when you ring him, you give him a session password for VNC and you can watch what he is doing on the console.  Once he has finished the work you want carried out, then change the password back to something he doesn't know.

Obviously it's not very trusting, and hopefully that would develop over a period of time, but certainly get a Non Disclosure Agreement in place.

Cheers
Si
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, a new law in my state forced us to get a top-to-bottom analysis of all of our contract client's networks. While we have documentation, it was spotty at best for some - and in any event it needed to be checked against reality. That was m…
In today's information driven age, entrepreneurs have so many great tools and options at their disposal to help turn good ideas into a thriving business. With cloud-based online services, such as Amazon's Web Services (AWS) or Microsoft's Azure, bus…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
This is my first video review of Microsoft Bookings, I will be doing a part two with a bit more information, but wanted to get this out to you folks.

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question