Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 601
  • Last Modified:

Read only Admin access to domain servers

I have to give an outside consultant a login account to all my servers so that he can "Look them over" before making a proposal to management.

He will be accessing the domain via PPTP VPN, and then probably doing remote desktop as needed to the servers.

I need to create a read only account for him without re-inventing the wheel in my network and servers.

Thanks in advance
0
RKoons
Asked:
RKoons
2 Solutions
 
Mike KlineCommented:
by default a normal account has read access to most objects in AD.  When you say "look them over" what does that mean.  You can give an account logon locally rights as described here  http://blogs.technet.com/b/activedirectoryua/archive/2010/01/25/allow-logon-locally-to-a-domain-controller.aspx?wa=wsignin1.0

Notice they also mention some of the builtin groups like server operators.  Be careful if you give him elevated rights; you always have to be careful if you go down that route.

Thanks

Mike
0
 
AwinishCommented:
As Mike said, Users in domain by default have read access data in AD, they can't write or change anything in AD, so you can add them in RDP group to allow logon through terminal services & no other membership is required to read the data.
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now