Solved

what's the best way to create a limited Admin an account?

Posted on 2007-11-27
2
132 Views
Last Modified: 2010-04-18
This is Windows Server 2003, not SBS. One of my clients has purchased a new accounting app that will be installed on their server by the vendor from whom they purchased it. This vendor is asking for remote access to their server so they can install the app remotely. I could go either way with whether or not to allow them to do this as a general rule regarding security, but I figured I'd ask to see if there is a fairly straight forward way to create a user account this vendor could use to connect remotely that has enough permissions to allow them to install this accounting software but doesn't give them complete ADMIN permissions on the server for obvious reasons.

Anyone have a good suggestion for creating such a limited account? Thanks.
0
Comment
Question by:WineGeek
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 51

Accepted Solution

by:
Netman66 earned 500 total points
ID: 20362608
If the server is a DC, then they need Admin rights to log on locally to it.  This would include RDP.

The best you can do is enable this policy:

Computer Config>Admin Templates>Windows Components>Terminal Services::

Sets Rules for Remote Control of Terminal Services user sessions = Enabled (Full Control with user's permissions).

Close Gpedit.
Run gpudate /force.

Create a temporary Admin account for this company.
Get them on the phone.
You log on to the console of the server (or console session using mstsc /console)
Have them connect using their account.
When they're logged in have them open Run and type "shadow 0"  without the quotes.
Give them permission to take control of YOUR session.
Now you can watch them.

When they're done and logged off, disable their account.
0
 
LVL 63

Expert Comment

by:SysExpert
ID: 20362966
I agree.

This allows you to monitor everything.
'The other solution is to use VNC or Pc Anywhere to do something similar.


I hope this helps !
0

Featured Post

Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Scenerio: You have a server running Server 2003 and have applied a retail pack of Terminal Server Licenses.  You want to change servers or your server has crashed and you need to reapply the Terminal Server Licenses. When you enter the 16-digit lic…
Learn about cloud computing and its benefits for small business owners.
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…

729 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question