?
Solved

Securing Quickbooks

Posted on 2014-04-15
8
Medium Priority
?
414 Views
Last Modified: 2014-04-27
I have a client that is using Quickbooks 2014 Enterprise through remote desktop services on a server 2008r2 system.

The accountant advised that we need to lock the file down so that people cannot make a copy of it and email it to themselves or put it on a flash drive.  She mentioned that her other clients setup in the same manner as us are locked down.

I was trying to figure out how to accomplish this with file permissions, but am I looking at this the wrong way?  should I be looking at RemoteApps instead?
0
Comment
Question by:pmitllc
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
8 Comments
 
LVL 97

Assisted Solution

by:Experienced Member
Experienced Member earned 1000 total points
ID: 40002859
I keep the ledger file on the server in a secured folder. The number of people who have access to this folder is very limited to trustworthy people.

Then, the ledger itself should have users with strong passwords and most users should have limited rights in QuickBooks.

Properly done, you are limited to one or two QuickBooks administrators and senior users who could take the file and do something with it. This is fairly secure.

The server admin (or two) could always take the file no matter what you do.

So limit access to the folder and access to QuickBooks and you should be fine. No auditor at any of my clients has suggested this is insufficient.
0
 
LVL 25

Accepted Solution

by:
Tony Giangreco earned 1000 total points
ID: 40002860
We have done that same thing for one of our client's Windows 2008 RDS servers running QB 2014 Pro.

We created a special GPO that limits all users in the QB group from accessing the web. This places the security needed to stop email and web access, thus.. securing the QB data on the server.

We also installed a Cisco Small Business Firewall and placed an access limit on it so it only users  could only login between 7AM & 11PM M/F.

This has worked very well for us. I hope it provides a good sense of direction on how you can lock the server down for your client.

Hope this info helps!
0
 
LVL 25

Expert Comment

by:Tony Giangreco
ID: 40002864
In addition to that, each user can only access their own folder where their QB company file is located.
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
LVL 6

Author Comment

by:pmitllc
ID: 40003955
In addition to that, each user can only access their own folder where their QB company file is located.

Each user is logging into the domain with their own account, but they are all using the same QB company file.

We created a special GPO that limits all users in the QB group from accessing the web

I like this idea!
0
 
LVL 25

Expert Comment

by:Tony Giangreco
ID: 40003961
Yes, just so you have multi-user active and enough licenses, that can all be using it at the same time.
0
 
LVL 25

Expert Comment

by:Tony Giangreco
ID: 40004963
Have I answered your question?
0
 
LVL 6

Assisted Solution

by:pmitllc
pmitllc earned 0 total points
ID: 40016113
Sorry for the delays as I wanted to see if there are any other suggestions.

I think both of you have provided good answers.  I took a quick look at the RemoteApp setup and thought it would take a long time to get working, but it was really fast and I think that is the best way.

Now my users don't have access to a server desktop and it looks like QB is on the system even though it isn't so they can take advantage of the dual monitors.

I would recommend this way.
0
 
LVL 6

Author Closing Comment

by:pmitllc
ID: 40025566
I have found that the RemoteApp setup works best in my situation, but the other solutions provided my work better for others.
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Suggested Courses

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question