asked on Sharepoint administrators - RDP access required?
We have just installed a SharePoint 2013 environment. To my understanding all of the sites are working with direct connection but not when using the load balance.
Our SharePoint administrator is requesting full rdp access to the servers so they he can publish the sites.
I don't have an understanding of SharePoint so I don't know if this is true. I thought that all administration could be performed using the SharePoint Central Administration web page?
Do SP admins require RDP access to the servers?
Is IIS administration required, or can it be done using the SCA web front end?
I don't like providing RDP access to web developers, or anyone for that matter, just because they ask for it. Especially for critical systems like this one.
Our SharePoint administrator is requesting full rdp access to the servers so they he can publish the sites.
I don't have an understanding of SharePoint so I don't know if this is true. I thought that all administration could be performed using the SharePoint Central Administration web page?
Do SP admins require RDP access to the servers?
Is IIS administration required, or can it be done using the SCA web front end?
I don't like providing RDP access to web developers, or anyone for that matter, just because they ask for it. Especially for critical systems like this one.
Microsoft SharePointWindows Server 2012Windows Server 2008
Last Comment
lltc78
SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
Thanks guys.
However, the way I read that is that it's a more convenient access method and not a requirement?
Logs, event viewer and counters can be checked remotely, and easily so that's not even an inconvenience in my opinion.
As a Windows administrator, I usually check those types of things remotely even though I have RDP access.
These admins have access to the SP farm administrative account, and all other SP service accounts, which is a local admin so does that mean they can do ALL the tasks via central admin with these accounts rather than RDP?
If IIS administration is required for SharePoint (?), then I don't mind allowing RDP for this administrative task. But from my own research I haven't been able to identify where IIS admin comes into it after installation. Excuse my ignorance if that is not the case, hence my posting on here.
Also, I'm not certain of their powershell abilities, so are there tasks that can't be done using Central Admin but can be done using another GUI within Windows rather than using remote powershell? If so, that's another reason for allowing RDP.
Also, I'm not referring to initial installation. That has been completed already. I'm referring to administration.
Due to the high visibility of this environment, and security requirements for the business I wanted to make sure that this is a necessity rather than nice to have just because they want to have it.
However, the way I read that is that it's a more convenient access method and not a requirement?
Logs, event viewer and counters can be checked remotely, and easily so that's not even an inconvenience in my opinion.
As a Windows administrator, I usually check those types of things remotely even though I have RDP access.
These admins have access to the SP farm administrative account, and all other SP service accounts, which is a local admin so does that mean they can do ALL the tasks via central admin with these accounts rather than RDP?
If IIS administration is required for SharePoint (?), then I don't mind allowing RDP for this administrative task. But from my own research I haven't been able to identify where IIS admin comes into it after installation. Excuse my ignorance if that is not the case, hence my posting on here.
Also, I'm not certain of their powershell abilities, so are there tasks that can't be done using Central Admin but can be done using another GUI within Windows rather than using remote powershell? If so, that's another reason for allowing RDP.
Also, I'm not referring to initial installation. That has been completed already. I'm referring to administration.
Due to the high visibility of this environment, and security requirements for the business I wanted to make sure that this is a necessity rather than nice to have just because they want to have it.
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
Thanks SneekCo for the thorough response. That's exactly the justification I wanted.
The red flag you noted is what made me ask this question in the first place.
I appreciate your explanation above.
Cheers
The red flag you noted is what made me ask this question in the first place.
I appreciate your explanation above.
Cheers
Keep in mind, the farm account and the initial installation service account must be local admin on the boxes during the installation phase, so your SharePoint admin could circumvent your restrictions and RDP with one of those accounts.
Keep him honest and grant him the access he needs to get the job done right.
Just my two cents worth...