Solved

Setting up Admin and Remote Login for Vendor

Posted on 2013-10-22
Last Modified: 2013-11-07
How do I set up an admin account for my ShoreTel phone vendor? He needs access to a dedicated server called PHONEX.

Would he RDP into my terminal server, then launch another RDP on the terminal server to get to PHONEX?

What type of credentials does he need? He has to be able to install software and make changes to the local server.

The software may need access to Active Directory as well. Last I checked there was something in DNS about ShoreTel.
Question by:MEATBALLHERO
LVL 57

Expert Comment

by:Mike Kline
ID: 39591435
If he needs to install software and make changes then he will probably need local admin rights only on that one server.  He should not need elevated rights on any other box.

For AD he probably just needs to be able to connect and read info out of AD which all users have by default (read access by default).

Thanks

Mike
0
 
LVL 22

Expert Comment

by:mcsween
ID: 39591442
1. I would create a firewall rule to NAT 3389 on an external IP to the internal IP of the PHONEX server.  The procedure for this is different on every firewall.  If you have limited public IPs you may want to do port translation as well (external port 9999 or something to internal port 3389).  If you tell me what type of firewall you have I can try to help with this rule if I'm familiar with that vendor/model.

2. I would have him RDP directly into the server.

3. He will need Administrator on the local machine if he needs to install software.  If he is modifying DNS records in Active Directory his user account will need to be a member of the "DNSAdmins" AD group.  He will also need the DNS management console installed on the server so he can access DNS.
0
 

Author Comment

by:MEATBALLHERO
ID: 39591476
I have a SonicWALL TZ210. I have 3 IP addresses available from Comcast. One is used for port forwarding for my TERMINAL SERVER for my sales people.

On my paperwork from Comcast it says I have 3 static IP addresses, I should say.

Does this mean I need another router? Or do the 3 come in on the same WAN?
0
 
LVL 22

Accepted Solution

by:
mcsween earned 2000 total points
ID: 39591519
Port translation is easy to do on SonicWALL; just use your main IP.  Replace the IP addresses with the ones in your environment.

Public IP - 8.8.8.8
Private IP of PHONEX - 192.168.1.10
Public Port - 9999 (this can be anything not in use)
Private Port - 3389 (This is default RDP port)

1. Create address object called PHONEX in the LAN zone as a host with IP 192.168.1.10
2. Create Service object "Phonex-WAN-RDP" with TCP port 9999
3. Create NAT Rule that looks like the screenshot. (This assumes X1 is your WAN port)
4. Create Firewall rule that looks like the screenshot (also assumes X1 is WAN port)
5. Ensure port TCP 3389 is open on the Server's firewall.
6. Give the vendor the address 8.8.8.8:9999 to use in their RDP client.  Of course, replace 8.8.8.8 with your actual public IP.
NAT.PNG
Firewall.PNG
0
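The Windows-side part of the answers above (local administrator on PHONEX only, and TCP 3389 open on the server's firewall), as an added PowerShell example that is not part of the original thread. The account name, vendor source address and LAN subnet are placeholders. It assumes Windows PowerShell 5.1 on an English-language server and a SonicWALL NAT rule that leaves the source address untranslated.

```powershell
#Requires -RunAsAdministrator
# Run on PHONEX only. Every value below is a placeholder, not taken from the thread.
$VendorAccount  = 'EXAMPLE\shoretel-vendor'            # hypothetical existing domain user
$AllowedSources = @('203.0.113.25', '192.168.1.0/24')  # placeholder vendor IP + assumed LAN subnet

# 1. Local administrator on this one server; no domain-wide admin group involved.
#    Members of local Administrators may log on through Remote Desktop by default.
$admins = Get-LocalGroupMember -Group 'Administrators'
if ($admins.Name -notcontains $VendorAccount) {
    Add-LocalGroupMember -Group 'Administrators' -Member $VendorAccount
}

# 2. Turn on Remote Desktop and require Network Level Authentication,
#    so credentials are checked before a full desktop session is created.
$ts = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
Set-ItemProperty -Path $ts -Name 'fDenyTSConnections' -Value 0
Set-ItemProperty -Path "$ts\WinStations\RDP-Tcp" -Name 'UserAuthentication' -Value 1

# 3. Open TCP 3389 in Windows Firewall, but only for the listed sources.
#    'Remote Desktop' is the rule group name on English-language installs.
Enable-NetFirewallRule -DisplayGroup 'Remote Desktop'
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' |
    Set-NetFirewallRule -RemoteAddress $AllowedSources

# 4. Show the result: which sources the RDP rules accept, and who is a local admin.
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' |
    Get-NetFirewallAddressFilter |
    Select-Object InstanceID, RemoteAddress
Get-LocalGroupMember -Group 'Administrators' |
    Select-Object Name, PrincipalSource
```

When the vendor's work is finished, `Remove-LocalGroupMember -Group 'Administrators' -Member $VendorAccount` takes the right away again.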


Question has a verified solution.
