Solved

Securing Quickbooks

Posted on 2014-04-15
8
404 Views
Last Modified: 2014-04-27
I have a client that is using Quickbooks 2014 Enterprise through remote desktop services on a server 2008r2 system.

The accountant advised that we need to lock the file down so that people cannot make a copy of it and email it to themselves or put it on a flash drive.  She mentioned that her other clients setup in the same manner as us are locked down.

I was trying to figure out how to accomplish this with file permissions, but am I looking at this the wrong way?  should I be looking at RemoteApps instead?
0
Comment
Question by:pmitllc
  • 4
  • 3
8 Comments
 
LVL 90

Assisted Solution

by:John Hurst
John Hurst earned 250 total points
ID: 40002859
I keep the ledger file on the server in a secured folder. The number of people who have access to this folder is very limited to trustworthy people.

Then, the ledger itself should have users with strong passwords and most users should have limited rights in QuickBooks.

Properly done, you are limited to one or two QuickBooks administrators and senior users who could take the file and do something with it. This is fairly secure.

The server admin (or two) could always take the file no matter what you do.

So limit access to the folder and access to QuickBooks and you should be fine. No auditor at any of my clients has suggested this is insufficient.
0
 
LVL 25

Accepted Solution

by:
Tony Giangreco earned 250 total points
ID: 40002860
We have done that same thing for one of our client's Windows 2008 RDS servers running QB 2014 Pro.

We created a special GPO that limits all users in the QB group from accessing the web. This places the security needed to stop email and web access, thus.. securing the QB data on the server.

We also installed a Cisco Small Business Firewall and placed an access limit on it so it only users  could only login between 7AM & 11PM M/F.

This has worked very well for us. I hope it provides a good sense of direction on how you can lock the server down for your client.

Hope this info helps!
0
 
LVL 25

Expert Comment

by:Tony Giangreco
ID: 40002864
In addition to that, each user can only access their own folder where their QB company file is located.
0
 
LVL 6

Author Comment

by:pmitllc
ID: 40003955
In addition to that, each user can only access their own folder where their QB company file is located.

Each user is logging into the domain with their own account, but they are all using the same QB company file.

We created a special GPO that limits all users in the QB group from accessing the web

I like this idea!
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 25

Expert Comment

by:Tony Giangreco
ID: 40003961
Yes, just so you have multi-user active and enough licenses, that can all be using it at the same time.
0
 
LVL 25

Expert Comment

by:Tony Giangreco
ID: 40004963
Have I answered your question?
0
 
LVL 6

Assisted Solution

by:pmitllc
pmitllc earned 0 total points
ID: 40016113
Sorry for the delays as I wanted to see if there are any other suggestions.

I think both of you have provided good answers.  I took a quick look at the RemoteApp setup and thought it would take a long time to get working, but it was really fast and I think that is the best way.

Now my users don't have access to a server desktop and it looks like QB is on the system even though it isn't so they can take advantage of the dual monitors.

I would recommend this way.
0
 
LVL 6

Author Closing Comment

by:pmitllc
ID: 40025566
I have found that the RemoteApp setup works best in my situation, but the other solutions provided my work better for others.
0

Featured Post

How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

Join & Write a Comment

You might have come across a situation when you have Exchange 2013 server in two different sites (Production and DR). After adding the Database copy in ECP console it displays Database copy status unknown for the DR exchange server. Issue is strange…
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now