Solved

what's the best way to create a limited Admin an account?

Posted on 2007-11-27
2
127 Views
Last Modified: 2010-04-18
This is Windows Server 2003, not SBS. One of my clients has purchased a new accounting app that will be installed on their server by the vendor from whom they purchased it. This vendor is asking for remote access to their server so they can install the app remotely. I could go either way with whether or not to allow them to do this as a general rule regarding security, but I figured I'd ask to see if there is a fairly straight forward way to create a user account this vendor could use to connect remotely that has enough permissions to allow them to install this accounting software but doesn't give them complete ADMIN permissions on the server for obvious reasons.

Anyone have a good suggestion for creating such a limited account? Thanks.
0
Comment
Question by:WineGeek
2 Comments
 
LVL 51

Accepted Solution

by:
Netman66 earned 500 total points
ID: 20362608
If the server is a DC, then they need Admin rights to log on locally to it.  This would include RDP.

The best you can do is enable this policy:

Computer Config>Admin Templates>Windows Components>Terminal Services::

Sets Rules for Remote Control of Terminal Services user sessions = Enabled (Full Control with user's permissions).

Close Gpedit.
Run gpudate /force.

Create a temporary Admin account for this company.
Get them on the phone.
You log on to the console of the server (or console session using mstsc /console)
Have them connect using their account.
When they're logged in have them open Run and type "shadow 0"  without the quotes.
Give them permission to take control of YOUR session.
Now you can watch them.

When they're done and logged off, disable their account.
0
 
LVL 63

Expert Comment

by:SysExpert
ID: 20362966
I agree.

This allows you to monitor everything.
'The other solution is to use VNC or Pc Anywhere to do something similar.


I hope this helps !
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

Organizations create, modify, and maintain huge amounts of data to help their businesses earn money and generally function.  Typically every network user within an organization has a bit of disk space to store in process items and personal files.   …
This may not be a text book method to resolve VSS backup issues but it seemed to have worked on few of the Windows 2003 servers we had issues while performing a Volume Shadow Copy backup. If you have issues while performing a shadow copy backup usin…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now