Our IT auditors have requested access to our windows servers (2003 predominantly) to check certain configuration settings on the Server. What kind of account could/should we give them that gives them read-only access to every configuration setting/file on the Server but doesn’t give them any permission that could cause issues to the availability of the Server, i.e. so they cant screw anything up? Not being a server admin myself, what tool could the auditors use to remotely access the Server, and is their any risk to the availability of the Server by just allowing them to logon? What’s the worst that could happen if they logon during peak hours 9-5? Anything?
And is there any other solution that I have no considered? I don’t know how easy it is to clone a server and give them access to the clone, assume that’s quite a huge job?