Solved

Read only Admin access to domain servers

Posted on 2010-11-15
2
582 Views
Last Modified: 2012-05-10
I have to give an outside consultant a login account to all my servers so that he can "Look them over" before making a proposal to management.

He will be accessing the domain via PPTP VPN, and then probably doing remote desktop as needed to the servers.

I need to create a read only account for him without re-inventing the wheel in my network and servers.

Thanks in advance
0
Comment
Question by:RKoons
2 Comments
 
LVL 57

Accepted Solution

by:
Mike Kline earned 250 total points
ID: 34142564
by default a normal account has read access to most objects in AD.  When you say "look them over" what does that mean.  You can give an account logon locally rights as described here  http://blogs.technet.com/b/activedirectoryua/archive/2010/01/25/allow-logon-locally-to-a-domain-controller.aspx?wa=wsignin1.0

Notice they also mention some of the builtin groups like server operators.  Be careful if you give him elevated rights; you always have to be careful if you go down that route.

Thanks

Mike
0
 
LVL 24

Assisted Solution

by:Awinish
Awinish earned 250 total points
ID: 34143908
As Mike said, Users in domain by default have read access data in AD, they can't write or change anything in AD, so you can add them in RDP group to allow logon through terminal services & no other membership is required to read the data.
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Synchronize a new Active Directory domain with an existing Office 365 tenant
A project that enables an administrator to perform actions within a user session context not just at the time of login but any time later on day(s) or week(s) later.
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

685 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question