?
Solved

Setting up Admin and Remote Login for Vendor

Posted on 2013-10-22
4
Medium Priority
?
222 Views
Last Modified: 2013-11-07
How do I setup and admin account for my Shoretel Phone Vendor. He needs access to a dedicated server called PHONEX.

Would he RDP into my terminal server, then launch another RDP on the terminal server to get to PHONEX?

What type of credentials does he need. He has to be able to install software and make changes to the local server.

The software may need access to Active directory as well. Last i checked there was something in DNS about Shoretel.
0
Comment
Question by:MEATBALLHERO
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 57

Expert Comment

by:Mike Kline
ID: 39591435
If he needs to install software and make changes then he will probably need local admin rights only on that one server.  He should not need elevated rights on any other box.

For AD he probably just needs to be able to connect and read info out of AD which all users have by default (read access by default).

Thanks

Mike
0
 
LVL 22

Expert Comment

by:mcsween
ID: 39591442
1. I would create a firewall rule to NAT 3389 on an external IP to the internal IP of the PHONEX server.  This procedure is different for this on every firewall.  If you have limited public IPs you may want to do port translation as well (external port 9999 or something to internal port 3389)  If you tell me what type of firewall you have I can try to help with this rule if I'm familiar with that vendor/model.

2. I would have him RDP directly into the server.

3. He will need Administrator on the local machine if he needs to install software.  If he is modifying DNS records in Active Directory his user account will need to be a member of the "DNSAdmins" AD group.  He will also need the DNS managment console installed on the server so he can access DNS.
0
 

Author Comment

by:MEATBALLHERO
ID: 39591476
I have a sonicwall TZ210. I have 3 IP addresses available from Comcast. One is used for port forwarding for my TERMINAL SERVER for my sales people.

On my paperwork from comcast it says I have 3 static IP addresses I should say.

Does this mean I need another router? Or do the 3 come in on the same WAN?
0
 
LVL 22

Accepted Solution

by:
mcsween earned 2000 total points
ID: 39591519
SonicWALL is easy to do port translation; just use your main IP.  Replace IP addresses with yours in your environment.

Public IP - 8.8.8.8
Private IP of PHONEX - 192.168.1.10
Public Port - 9999 (this can be anything not in use)
Private Port - 3389 (This is default RDP port)

1. Create address object called PHONEX in the LAN zone as a host with ip 192.168.1.10
2. Create Service object "Phonex-WAN-RDP" with TCP port 9999
3. Create NAT Rule that looks like the screenshot. (This assumes X1 is your WAN port)
4. Create Firewall rule that looks like the screenshot (also assumes X1 is WAN port)
5. Ensure port TCP 3389 is open on the Server's firewall.
6. Give the vendor the address 8.8.8.8:9999 to use in their RDP client.  Of course, replace 8.8.8.8 with your actual public IP.
NAT.PNG
Firewall.PNG
0

Featured Post

Get your Disaster Recovery as a Service basics

Disaster Recovery as a Service is one go-to solution that revolutionizes DR planning. Implementing DRaaS could be an efficient process, easily accessible to non-DR experts. Learn about monitoring, testing, executing failovers and failbacks to ensure a "healthy" DR environment.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
Active Directory can easily get cluttered with unused service, user and computer accounts. In this article, I will show you the way I like to implement ADCleanup..
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Suggested Courses

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question