Allow user access to just one server

I need to give access to a remote user and allow them administrative access to just one server on my Windows 2003 network.  That server is also a Windows 2003 server.  What is the best way to do this?
Lanee KirbyAsked:
Who is Participating?
 
bigeven2002Connect With a Mentor Commented:
Hello,

The way we've done it is on the 2003 server itself, go to Start and right-click on My Computer and select Manage.  In the Computer Management window, on the left pane, expand Local Users and Groups and highlight Groups.  On the right pane, double-click Adminstrators.  In the properties window, click Add and add the remote user to the list, then Apply.  If the user is already logged in, they will need to logoff first for the change to take effect.
0
 
Joseph MoodyBlogger and wearer of all hats.Commented:
Add them to the administrators group and enable remote desktop.
0
 
Joseph MoodyBlogger and wearer of all hats.Commented:
That would be the local administrators group of the domain member server.
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
AnuroopsunddCommented:
If you just want to give access to one server.. you can add that user to local administrator group.

If the user is not part of the Domain then you can create a local account on that system and share account information.
0
 
bill_lynchConnect With a Mentor Commented:
Greetings:

I'd also lock it down on the AD side, i.e. allow the AD account to only log into one computer:'

In AD, on the user properties on the account tab, click the LogOnTo button then click the following computers and select the computer you want the user to be limited to.
0
 
ChiefITCommented:
What are you trying to allow this person to do on your AD domain controllers?

If you need help like this, you should do a netmeeting and allow them to control the desktop. BUT, monitor everything they do.

On an AD server, there is NO local administration. So, you can't have them logon as a local admin.

You can add them to remote desktop, but what permissions are you going to give them as a remote desktop user?

Personally, I would fix things on my AD all by myself and tell that person who wants access to take a flying leap.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.