• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 138
  • Last Modified:

what's the best way to create a limited Admin an account?

This is Windows Server 2003, not SBS. One of my clients has purchased a new accounting app that will be installed on their server by the vendor from whom they purchased it. This vendor is asking for remote access to their server so they can install the app remotely. I could go either way with whether or not to allow them to do this as a general rule regarding security, but I figured I'd ask to see if there is a fairly straight forward way to create a user account this vendor could use to connect remotely that has enough permissions to allow them to install this accounting software but doesn't give them complete ADMIN permissions on the server for obvious reasons.

Anyone have a good suggestion for creating such a limited account? Thanks.
0
WineGeek
Asked:
WineGeek
1 Solution
 
Netman66Commented:
If the server is a DC, then they need Admin rights to log on locally to it.  This would include RDP.

The best you can do is enable this policy:

Computer Config>Admin Templates>Windows Components>Terminal Services::

Sets Rules for Remote Control of Terminal Services user sessions = Enabled (Full Control with user's permissions).

Close Gpedit.
Run gpudate /force.

Create a temporary Admin account for this company.
Get them on the phone.
You log on to the console of the server (or console session using mstsc /console)
Have them connect using their account.
When they're logged in have them open Run and type "shadow 0"  without the quotes.
Give them permission to take control of YOUR session.
Now you can watch them.

When they're done and logged off, disable their account.
0
 
SysExpertCommented:
I agree.

This allows you to monitor everything.
'The other solution is to use VNC or Pc Anywhere to do something similar.


I hope this helps !
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now