Solved

Setting up Admin and Remote Login for Vendor

Posted on 2013-10-22
4
212 Views
Last Modified: 2013-11-07
How do I setup and admin account for my Shoretel Phone Vendor. He needs access to a dedicated server called PHONEX.

Would he RDP into my terminal server, then launch another RDP on the terminal server to get to PHONEX?

What type of credentials does he need. He has to be able to install software and make changes to the local server.

The software may need access to Active directory as well. Last i checked there was something in DNS about Shoretel.
0
Comment
Question by:MEATBALLHERO
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 57

Expert Comment

by:Mike Kline
ID: 39591435
If he needs to install software and make changes then he will probably need local admin rights only on that one server.  He should not need elevated rights on any other box.

For AD he probably just needs to be able to connect and read info out of AD which all users have by default (read access by default).

Thanks

Mike
0
 
LVL 22

Expert Comment

by:mcsween
ID: 39591442
1. I would create a firewall rule to NAT 3389 on an external IP to the internal IP of the PHONEX server.  This procedure is different for this on every firewall.  If you have limited public IPs you may want to do port translation as well (external port 9999 or something to internal port 3389)  If you tell me what type of firewall you have I can try to help with this rule if I'm familiar with that vendor/model.

2. I would have him RDP directly into the server.

3. He will need Administrator on the local machine if he needs to install software.  If he is modifying DNS records in Active Directory his user account will need to be a member of the "DNSAdmins" AD group.  He will also need the DNS managment console installed on the server so he can access DNS.
0
 

Author Comment

by:MEATBALLHERO
ID: 39591476
I have a sonicwall TZ210. I have 3 IP addresses available from Comcast. One is used for port forwarding for my TERMINAL SERVER for my sales people.

On my paperwork from comcast it says I have 3 static IP addresses I should say.

Does this mean I need another router? Or do the 3 come in on the same WAN?
0
 
LVL 22

Accepted Solution

by:
mcsween earned 500 total points
ID: 39591519
SonicWALL is easy to do port translation; just use your main IP.  Replace IP addresses with yours in your environment.

Public IP - 8.8.8.8
Private IP of PHONEX - 192.168.1.10
Public Port - 9999 (this can be anything not in use)
Private Port - 3389 (This is default RDP port)

1. Create address object called PHONEX in the LAN zone as a host with ip 192.168.1.10
2. Create Service object "Phonex-WAN-RDP" with TCP port 9999
3. Create NAT Rule that looks like the screenshot. (This assumes X1 is your WAN port)
4. Create Firewall rule that looks like the screenshot (also assumes X1 is WAN port)
5. Ensure port TCP 3389 is open on the Server's firewall.
6. Give the vendor the address 8.8.8.8:9999 to use in their RDP client.  Of course, replace 8.8.8.8 with your actual public IP.
NAT.PNG
Firewall.PNG
0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article runs through the process of deploying a single EXE application selectively to a group of user.
In-place Upgrading Dirsync to Azure AD Connect
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question