We help IT Professionals succeed at work.

Tips for setting up Server 2012 user accounts

holcomb_frank
holcomb_frank asked
on
We are setting up our first 2012 server -  in the past when setting up servers , we would make a copy of the administrators account so that if something happened to that profile we would have an alternate to log in with. We are setting up a dedicated server, that will set outside of our domain, and will be primarily used by an employee from another or our locations. So this user will need admin rights to use and perform regular maintenance and other program features. We would also like to be able to log in with admin rights so that we can monitor this user and server. Looking for the best suggestions for having this extra admin account for those just in case times?  Our back door ?
Comment
Watch Question

JohnBusiness Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018

Commented:
Server 2012 is like earlier servers in this respect. You can set up a new account and make it a member of domain administrators. The password should be very secure.

Author

Commented:
John,

I have my domain at my office location. We've been asked by another group to host a server at our location for them. It will sit in our building and use our network/gateway for internet access only. It will not be a member of the domain. What I need to do is set up the server so that a person from this remote location, can connect to the server over our vpn connection and have access and administer this server. But I don't want them to be able to access our domain at all while on this server. Obviously that is not a problem. They don't have a username or password to access the domain. But because this server sits at our location, we would like to be able to login to it if there are issues or to check on backups or whatever. So if we created an additional administrative account on this pc for us....... what steps could be taken to keep the Remote Adminsistrator from changing our password on this specific server and locking us out. Or is this entirely a trust issue between individuals.?  Just looking for suggestions for this type of scenario. I hope this explanation helps in understanding our question. And we are using strong passwords, thanks for that reminder as well.
Business Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018
Commented:
I don't want them to be able to access our domain at all while on this server <-- They have access to the network via the VPN connection, so just make certain all passwords on "your" machines are very secure. Unless the other group are intent on hacking you, it should not be a problem.

what steps could be taken to keep the Remote Administrator from changing our password on this specific server and locking us out.   <-- None. An administrator can lock out another administrator any time. So it is just a trust relationship. Same as the first point above in many ways.

You need to know the other party, have a conversation and agree to treat each other respectfully.

Author

Commented:
Thanks John.... that's what I thought....just want to throw that out there to make sure I'm not missing anything. Thanks for your time and input.
JohnBusiness Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018

Commented:
@holcomb_frank  - You are very welcome and I was happy to help.