Solved

Securing Quickbooks

Posted on 2014-04-15
8
409 Views
Last Modified: 2014-04-27
I have a client that is using Quickbooks 2014 Enterprise through remote desktop services on a server 2008r2 system.

The accountant advised that we need to lock the file down so that people cannot make a copy of it and email it to themselves or put it on a flash drive.  She mentioned that her other clients setup in the same manner as us are locked down.

I was trying to figure out how to accomplish this with file permissions, but am I looking at this the wrong way?  should I be looking at RemoteApps instead?
0
Comment
Question by:pmitllc
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
8 Comments
 
LVL 95

Assisted Solution

by:John Hurst
John Hurst earned 250 total points
ID: 40002859
I keep the ledger file on the server in a secured folder. The number of people who have access to this folder is very limited to trustworthy people.

Then, the ledger itself should have users with strong passwords and most users should have limited rights in QuickBooks.

Properly done, you are limited to one or two QuickBooks administrators and senior users who could take the file and do something with it. This is fairly secure.

The server admin (or two) could always take the file no matter what you do.

So limit access to the folder and access to QuickBooks and you should be fine. No auditor at any of my clients has suggested this is insufficient.
0
 
LVL 25

Accepted Solution

by:
Tony Giangreco earned 250 total points
ID: 40002860
We have done that same thing for one of our client's Windows 2008 RDS servers running QB 2014 Pro.

We created a special GPO that limits all users in the QB group from accessing the web. This places the security needed to stop email and web access, thus.. securing the QB data on the server.

We also installed a Cisco Small Business Firewall and placed an access limit on it so it only users  could only login between 7AM & 11PM M/F.

This has worked very well for us. I hope it provides a good sense of direction on how you can lock the server down for your client.

Hope this info helps!
0
 
LVL 25

Expert Comment

by:Tony Giangreco
ID: 40002864
In addition to that, each user can only access their own folder where their QB company file is located.
0
Get Actionable Data from Your Monitoring Solution

Your communication platform is only as good as the relevance of the information you send. Ensure your alerts get to the right people every time with actionable responses. Create escalation rules that ensure everyone follows the process and nothing is left to chance.

 
LVL 6

Author Comment

by:pmitllc
ID: 40003955
In addition to that, each user can only access their own folder where their QB company file is located.

Each user is logging into the domain with their own account, but they are all using the same QB company file.

We created a special GPO that limits all users in the QB group from accessing the web

I like this idea!
0
 
LVL 25

Expert Comment

by:Tony Giangreco
ID: 40003961
Yes, just so you have multi-user active and enough licenses, that can all be using it at the same time.
0
 
LVL 25

Expert Comment

by:Tony Giangreco
ID: 40004963
Have I answered your question?
0
 
LVL 6

Assisted Solution

by:pmitllc
pmitllc earned 0 total points
ID: 40016113
Sorry for the delays as I wanted to see if there are any other suggestions.

I think both of you have provided good answers.  I took a quick look at the RemoteApp setup and thought it would take a long time to get working, but it was really fast and I think that is the best way.

Now my users don't have access to a server desktop and it looks like QB is on the system even though it isn't so they can take advantage of the dual monitors.

I would recommend this way.
0
 
LVL 6

Author Closing Comment

by:pmitllc
ID: 40025566
I have found that the RemoteApp setup works best in my situation, but the other solutions provided my work better for others.
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

At the beginning of the year, the IT world was taken hostage by the shareholders of LogMeIn. Their free product, which had been free for ten years, all of the sudden became a "pay" product. Now, I am the first person who will say that software maker…
This article explains how to install and use the NTBackup utility that comes with Windows Server.
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question