Solved

Securing Quickbooks

Posted on 2014-04-15
8
405 Views
Last Modified: 2014-04-27
I have a client that is using Quickbooks 2014 Enterprise through remote desktop services on a server 2008r2 system.

The accountant advised that we need to lock the file down so that people cannot make a copy of it and email it to themselves or put it on a flash drive.  She mentioned that her other clients setup in the same manner as us are locked down.

I was trying to figure out how to accomplish this with file permissions, but am I looking at this the wrong way?  should I be looking at RemoteApps instead?
0
Comment
Question by:pmitllc
  • 4
  • 3
8 Comments
 
LVL 92

Assisted Solution

by:John Hurst
John Hurst earned 250 total points
ID: 40002859
I keep the ledger file on the server in a secured folder. The number of people who have access to this folder is very limited to trustworthy people.

Then, the ledger itself should have users with strong passwords and most users should have limited rights in QuickBooks.

Properly done, you are limited to one or two QuickBooks administrators and senior users who could take the file and do something with it. This is fairly secure.

The server admin (or two) could always take the file no matter what you do.

So limit access to the folder and access to QuickBooks and you should be fine. No auditor at any of my clients has suggested this is insufficient.
0
 
LVL 25

Accepted Solution

by:
Tony Giangreco earned 250 total points
ID: 40002860
We have done that same thing for one of our client's Windows 2008 RDS servers running QB 2014 Pro.

We created a special GPO that limits all users in the QB group from accessing the web. This places the security needed to stop email and web access, thus.. securing the QB data on the server.

We also installed a Cisco Small Business Firewall and placed an access limit on it so it only users  could only login between 7AM & 11PM M/F.

This has worked very well for us. I hope it provides a good sense of direction on how you can lock the server down for your client.

Hope this info helps!
0
 
LVL 25

Expert Comment

by:Tony Giangreco
ID: 40002864
In addition to that, each user can only access their own folder where their QB company file is located.
0
 
LVL 6

Author Comment

by:pmitllc
ID: 40003955
In addition to that, each user can only access their own folder where their QB company file is located.

Each user is logging into the domain with their own account, but they are all using the same QB company file.

We created a special GPO that limits all users in the QB group from accessing the web

I like this idea!
0
NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

 
LVL 25

Expert Comment

by:Tony Giangreco
ID: 40003961
Yes, just so you have multi-user active and enough licenses, that can all be using it at the same time.
0
 
LVL 25

Expert Comment

by:Tony Giangreco
ID: 40004963
Have I answered your question?
0
 
LVL 6

Assisted Solution

by:pmitllc
pmitllc earned 0 total points
ID: 40016113
Sorry for the delays as I wanted to see if there are any other suggestions.

I think both of you have provided good answers.  I took a quick look at the RemoteApp setup and thought it would take a long time to get working, but it was really fast and I think that is the best way.

Now my users don't have access to a server desktop and it looks like QB is on the system even though it isn't so they can take advantage of the dual monitors.

I would recommend this way.
0
 
LVL 6

Author Closing Comment

by:pmitllc
ID: 40025566
I have found that the RemoteApp setup works best in my situation, but the other solutions provided my work better for others.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I was supporting a handful of Windows 2008 (non-R2) 2 node clusters with shared quorum disks. Some had SQL 2008 installed and some were just a vendor application that we supported. For the purposes of this article it doesn’t really matter which so w…
Like many organizations, your foray into cloud computing may have started with an ancillary or security service, like email spam and virus protection. For some, the first or second step into the cloud was moving email off-premise. For others, a clou…
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now