Solved

what's the best way to create a limited Admin an account?

Posted on 2007-11-27
2
128 Views
Last Modified: 2010-04-18
This is Windows Server 2003, not SBS. One of my clients has purchased a new accounting app that will be installed on their server by the vendor from whom they purchased it. This vendor is asking for remote access to their server so they can install the app remotely. I could go either way with whether or not to allow them to do this as a general rule regarding security, but I figured I'd ask to see if there is a fairly straight forward way to create a user account this vendor could use to connect remotely that has enough permissions to allow them to install this accounting software but doesn't give them complete ADMIN permissions on the server for obvious reasons.

Anyone have a good suggestion for creating such a limited account? Thanks.
0
Comment
Question by:WineGeek
2 Comments
 
LVL 51

Accepted Solution

by:
Netman66 earned 500 total points
ID: 20362608
If the server is a DC, then they need Admin rights to log on locally to it.  This would include RDP.

The best you can do is enable this policy:

Computer Config>Admin Templates>Windows Components>Terminal Services::

Sets Rules for Remote Control of Terminal Services user sessions = Enabled (Full Control with user's permissions).

Close Gpedit.
Run gpudate /force.

Create a temporary Admin account for this company.
Get them on the phone.
You log on to the console of the server (or console session using mstsc /console)
Have them connect using their account.
When they're logged in have them open Run and type "shadow 0"  without the quotes.
Give them permission to take control of YOUR session.
Now you can watch them.

When they're done and logged off, disable their account.
0
 
LVL 63

Expert Comment

by:SysExpert
ID: 20362966
I agree.

This allows you to monitor everything.
'The other solution is to use VNC or Pc Anywhere to do something similar.


I hope this helps !
0

Featured Post

Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
A quick step-by-step overview of installing and configuring Carbonite Server Backup.
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …

912 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now