Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Allow user access to just one server

Posted on 2012-04-13
6
Medium Priority
?
345 Views
Last Modified: 2012-04-16
I need to give access to a remote user and allow them administrative access to just one server on my Windows 2003 network.  That server is also a Windows 2003 server.  What is the best way to do this?
0
Comment
Question by:Lanee Kirby
6 Comments
 
LVL 22

Expert Comment

by:Joseph Moody
ID: 37842822
Add them to the administrators group and enable remote desktop.
0
 
LVL 22

Expert Comment

by:Joseph Moody
ID: 37842825
That would be the local administrators group of the domain member server.
0
 
LVL 17

Expert Comment

by:Anuroopsundd
ID: 37842829
If you just want to give access to one server.. you can add that user to local administrator group.

If the user is not part of the Domain then you can create a local account on that system and share account information.
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
LVL 17

Accepted Solution

by:
bigeven2002 earned 1000 total points
ID: 37842839
Hello,

The way we've done it is on the 2003 server itself, go to Start and right-click on My Computer and select Manage.  In the Computer Management window, on the left pane, expand Local Users and Groups and highlight Groups.  On the right pane, double-click Adminstrators.  In the properties window, click Add and add the remote user to the list, then Apply.  If the user is already logged in, they will need to logoff first for the change to take effect.
0
 
LVL 9

Assisted Solution

by:bill_lynch
bill_lynch earned 1000 total points
ID: 37843603
Greetings:

I'd also lock it down on the AD side, i.e. allow the AD account to only log into one computer:'

In AD, on the user properties on the account tab, click the LogOnTo button then click the following computers and select the computer you want the user to be limited to.
0
 
LVL 39

Expert Comment

by:ChiefIT
ID: 37845523
What are you trying to allow this person to do on your AD domain controllers?

If you need help like this, you should do a netmeeting and allow them to control the desktop. BUT, monitor everything they do.

On an AD server, there is NO local administration. So, you can't have them logon as a local admin.

You can add them to remote desktop, but what permissions are you going to give them as a remote desktop user?

Personally, I would fix things on my AD all by myself and tell that person who wants access to take a flying leap.
0

Featured Post

Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
Scripts are great for performing batch jobs against users, however sometimes the GUI is all you need.
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

571 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question