• Status: Solved

Setting up Admin and Remote Login for Vendor

How do I set up an admin account for my Shoretel Phone Vendor? He needs access to a dedicated server called PHONEX.

Would he RDP into my terminal server, then launch another RDP on the terminal server to get to PHONEX?

What type of credentials does he need? He has to be able to install software and make changes to the local server.

The software may need access to Active Directory as well. Last I checked there was something in DNS about Shoretel.
Asked:
MEATBALLHERO
 
Mike Kline Commented:
If he needs to install software and make changes then he will probably need local admin rights only on that one server.  He should not need elevated rights on any other box.

For AD he probably just needs to be able to connect and read info out of AD which all users have by default (read access by default).

Thanks

Mike
 
mcsween (Sr. Network Administrator) Commented:
1. I would create a firewall rule to NAT 3389 on an external IP to the internal IP of the PHONEX server.  This procedure is different on every firewall.  If you have limited public IPs you may want to do port translation as well (external port 9999 or something to internal port 3389).  If you tell me what type of firewall you have I can try to help with this rule if I'm familiar with that vendor/model.

2. I would have him RDP directly into the server.

3. He will need Administrator on the local machine if he needs to install software.  If he is modifying DNS records in Active Directory his user account will need to be a member of the "DNSAdmins" AD group.  He will also need the DNS management console installed on the server so he can access DNS.
 
MEATBALLHERO (Author) Commented:
I have a SonicWALL TZ210. I have 3 IP addresses available from Comcast. One is used for port forwarding for my TERMINAL SERVER for my sales people.

On my paperwork from Comcast it says I have 3 static IP addresses I should say.

Does this mean I need another router? Or do the 3 come in on the same WAN?
 
mcsween (Sr. Network Administrator) Commented:
SonicWALL is easy to do port translation; just use your main IP.  Replace IP addresses with yours in your environment.

Public IP - 8.8.8.8
Private IP of PHONEX - 192.168.1.10
Public Port - 9999 (this can be anything not in use)
Private Port - 3389 (This is default RDP port)

1. Create address object called PHONEX in the LAN zone as a host with IP 192.168.1.10
2. Create Service object "Phonex-WAN-RDP" with TCP port 9999
3. Create NAT Rule that looks like the screenshot. (This assumes X1 is your WAN port)
4. Create Firewall rule that looks like the screenshot (also assumes X1 is WAN port)
5. Ensure port TCP 3389 is open on the Server's firewall.
6. Give the vendor the address 8.8.8.8:9999 to use in their RDP client.  Of course, replace 8.8.8.8 with your actual public IP.
[Attached screenshots: NAT.PNG, Firewall.PNG]
Question has a verified solution.
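
The server-side half of the advice above (local admin rights on PHONEX only, and TCP 3389 open on the server's own firewall), as an added PowerShell example that is not from any participant in the thread. The account name, vendor IP and LAN subnet are assumptions, and it assumes an English-language Windows Server and a SonicWALL NAT rule that leaves the client's source address untranslated.

```powershell
# Added example: run in an elevated PowerShell session on PHONEX itself.
# Assumed values (not from the thread); replace before use.
$VendorAccount = 'CORP\shoretel-vendor'  # hypothetical ordinary domain user created for the vendor
$VendorSource  = '203.0.113.25'          # placeholder for the vendor's public IP address
$LanSubnet     = '192.168.1.0/24'        # assumed LAN around the thread's sample 192.168.1.10

# 1. Grant local admin on this one server only. No domain-level group is touched,
#    so the account keeps nothing beyond default read access in Active Directory.
$existing = Get-LocalGroupMember -Group 'Administrators' |
    Where-Object { $_.Name -eq $VendorAccount }
if (-not $existing) {
    Add-LocalGroupMember -Group 'Administrators' -Member $VendorAccount
}

# 2. Open TCP 3389 on the server's firewall (step 5 of the answer), but scope the
#    built-in Remote Desktop rules to the vendor's address and the internal LAN
#    instead of accepting connections from any source.
Enable-NetFirewallRule -DisplayGroup 'Remote Desktop'
Set-NetFirewallRule -DisplayGroup 'Remote Desktop' -RemoteAddress $VendorSource, $LanSubnet

# 3. Review the result: who holds local admin, and which sources may reach RDP.
Get-LocalGroupMember -Group 'Administrators' |
    Select-Object Name, ObjectClass, PrincipalSource

Get-NetFirewallRule -DisplayGroup 'Remote Desktop' | ForEach-Object {
    [pscustomobject]@{
        Rule          = $_.DisplayName
        Enabled       = $_.Enabled
        RemoteAddress = ($_ | Get-NetFirewallAddressFilter).RemoteAddress -join ', '
    }
}
```

Members of the local Administrators group can log on over Remote Desktop by default, so no separate Remote Desktop Users entry is needed for this account.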
