?
Solved

what's the best way to create a limited Admin an account?

Posted on 2007-11-27
2
Medium Priority
?
133 Views
Last Modified: 2010-04-18
This is Windows Server 2003, not SBS. One of my clients has purchased a new accounting app that will be installed on their server by the vendor from whom they purchased it. This vendor is asking for remote access to their server so they can install the app remotely. I could go either way with whether or not to allow them to do this as a general rule regarding security, but I figured I'd ask to see if there is a fairly straight forward way to create a user account this vendor could use to connect remotely that has enough permissions to allow them to install this accounting software but doesn't give them complete ADMIN permissions on the server for obvious reasons.

Anyone have a good suggestion for creating such a limited account? Thanks.
0
Comment
Question by:WineGeek
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 51

Accepted Solution

by:
Netman66 earned 2000 total points
ID: 20362608
If the server is a DC, then they need Admin rights to log on locally to it.  This would include RDP.

The best you can do is enable this policy:

Computer Config>Admin Templates>Windows Components>Terminal Services::

Sets Rules for Remote Control of Terminal Services user sessions = Enabled (Full Control with user's permissions).

Close Gpedit.
Run gpudate /force.

Create a temporary Admin account for this company.
Get them on the phone.
You log on to the console of the server (or console session using mstsc /console)
Have them connect using their account.
When they're logged in have them open Run and type "shadow 0"  without the quotes.
Give them permission to take control of YOUR session.
Now you can watch them.

When they're done and logged off, disable their account.
0
 
LVL 63

Expert Comment

by:SysExpert
ID: 20362966
I agree.

This allows you to monitor everything.
'The other solution is to use VNC or Pc Anywhere to do something similar.


I hope this helps !
0

Featured Post

 [eBook] Windows Nano Server

Download this FREE eBook and learn all you need to get started with Windows Nano Server, including deployment options, remote management
and troubleshooting tips and tricks

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Organizations create, modify, and maintain huge amounts of data to help their businesses earn money and generally function.  Typically every network user within an organization has a bit of disk space to store in process items and personal files.   …
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
Suggested Courses

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question