Solved

Limit Access for remote user

Posted on 2006-10-19
Last Modified: 2013-12-04
Hi there
We are in the process of having a new warehouse system put in and the Company who are supplying the new system want to have remote access so that they can do software upgrades, troubleshooting etc.
We have assigned a VPN User name and password and a Windows user name and password.  The remote support worker said that he needed to be given administrative rights and put himself into the administrators group.
We have 2 main servers, a windows 2003 R2 server and a SQL 2005 server.  The software is installed on the SQL Server box and I think it is this box the remote support worker would need access to.
What I am concerned about is that if this user is logging on remotely as an administrator for the domain he can do pretty much whatever he likes, including looking at company data files.
How can I give this user sufficient access to the SQL Server, so that he can install software and make changes to the server but limited or even no access to AD or data files?
Question by:boders67
3 Comments
 

Accepted Solution

by:
mikeleebrla earned 125 total points
ID: 17765779
Is the box that he needs to get into a domain controller or a member server?
If it is a member server then all you have to do is give them a LOCAL account with admin rights and not a domain account.  That way they will not have access to AD at all.  You can then just put deny rights on any company data files for this account you give them.  BUT, since they are a local admin, they could always give themselves ownership of the files/folders and give themselves rights.  But in that case it will be clear that they gave themselves rights (against your wishes).  As always, have them sign some type of legal document before giving them access to your network. See your corporate attorney so the wording of this document is correct.
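
The member-server setup described in the answer above, as an added example that is not part of the original thread: a local admin account, a deny ACE on the data folder, and a check that reports where the deny has been removed or ownership taken. It assumes Windows PowerShell 5.1 on a member server; the account name `vendor_support` and the path `D:\CompanyData` are hypothetical placeholders.

```powershell
# Added example. Assumes a member server (not a domain controller), Windows
# PowerShell 5.1, elevated prompt. Both values below are hypothetical placeholders.
$Account  = 'vendor_support'
$DataPath = 'D:\CompanyData'
$Identity = "$env:COMPUTERNAME\$Account"

function New-VendorAccount {
    # Local account only, so it has no identity in Active Directory.
    $pw = Read-Host -AsSecureString "Password for $Account"
    New-LocalUser -Name $Account -Password $pw -Description 'Vendor remote support' | Out-Null
    Add-LocalGroupMember -Group 'Administrators' -Member $Account
}

function Set-VendorDeny {
    # Explicit deny ACE on the data folder, inherited by subfolders and files.
    $acl  = Get-Acl -LiteralPath $DataPath
    $rule = [System.Security.AccessControl.FileSystemAccessRule]::new(
        $Identity, 'FullControl', 'ContainerInherit,ObjectInherit', 'None', 'Deny')
    $acl.AddAccessRule($rule)
    Set-Acl -LiteralPath $DataPath -AclObject $acl
}

function Test-VendorDeny {
    # Reports every item where the deny ACE is missing or the vendor account
    # has become owner: the traces a local admin leaves when overriding the deny.
    $items = @(Get-Item -LiteralPath $DataPath) +
             @(Get-ChildItem -LiteralPath $DataPath -Recurse -Force)
    foreach ($item in $items) {
        $acl  = Get-Acl -LiteralPath $item.FullName
        $deny = $acl.Access | Where-Object {
            $_.AccessControlType -eq 'Deny' -and $_.IdentityReference.Value -eq $Identity
        }
        if (-not $deny)               { "$($item.FullName): deny ACE for $Identity is missing" }
        if ($acl.Owner -eq $Identity) { "$($item.FullName): owner is now $Identity" }
    }
}

# Typical use: run the first two once, then schedule Test-VendorDeny under a
# different administrator account and review any output.
# New-VendorAccount; Set-VendorDeny; Test-VendorDeny
```

A local administrator can put the ACE and owner back after reading the files, so this check catches only changes still in place when it runs; object-access auditing on the folder, with the logs forwarded off the server, is the stronger record.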

 

Author Comment

by:boders67
ID: 17766092
Thanks for your answer.
The box he needs access to is also a domain controller.
 

Expert Comment

by:legalsrl
ID: 17772557
I have to agree with Mike on this one.....

Any support relationship is down to trust.......you have to trust him to act in the best interest of your business.

As Mike said, get a Non Disclosure Agreement in place and refuse him access until he complies with that (obviously unless you've got an immediate problem).

If the box is a domain controller, then he pretty much has access as much as he likes.......

What I would suggest if you are uneasy about it, then install VNC on the server and change his password so that he doesn't know it.   At least when you ring him, you give him a session password for VNC and you can watch what he is doing on the console.  Once he has finished the work you want carried out, then change the password back to something he doesn't know.

Obviously it's not very trusting, and hopefully that would develop over a period of time, but certainly get a Non Disclosure Agreement in place.

Cheers
Si