• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 112
  • Last Modified:

Best Way to Give Third Party Access to My Network

Our accounting department has contracted with Mosaic (http://www.mosaiccorp.com/) to perform various document management tasks for processing invoices.

The main item that Mosaic needs to implement its app, Eclipse, which uploads the documents from our LAN to Mosaic's server, is a machine to install Eclipse and some space on a drive to store the documents scanned from the various offices. This is all set up.

My problem is deciding upon the best way to give the Mosaic people access to that local machine to run their app.

The Mosaic engineer said that they routinely use GoToMyPC to manage their app on their clients' machines. Though I believe Mosaic to be trustworthy and to not muck up my machine, I can't think of a way to keep them from looking around my network if we use GoToMyPC. My only other idea is to set up RDP for them, though that doesn't really keep them from peeking, either. The engineer said that the access is just for checking on the app periodically and that .

The local machine in question is a Dell PowerEdge T310. It is a member server running Server 2008 Standard SP2. There is nothing on it but an FAQ app that we don't use. In fact, this box pretty much just sits there. I partitioned off 100GB for the files and set up the folder structure. We are ready to move except for granting Mosaic access to the machine/network.

Suggestions?
0
gbrooke
Asked:
gbrooke
  • 2
  • 2
2 Solutions
 
Andy MIT Systems ManagerCommented:
You could setup an AD account for them which only allows access to that particular machine (deny logon rights to any other device on the network, don't make it a domain admin, don't allow access to shared folders, etc). That should prevent them from snooping. In addition you can also set the account to auto-disable at a particular length of time so that they have to call up to get access to the device when required.
1
 
Bryant SchaperCommented:
Andy said what I was going to, you could also control the gotomypc account, so you can disable and enable as needed so they dont have free reign to logon whenever they need to.  We use to use a product that required a unique pin each time for access to maintain our SOX compliance.  I believe it Bomgar.
0
 
gbrookeAuthor Commented:
Our remote access app is TeamViewer. I did think about checking with them to see if they had some way of limiting the third party's access but I kept going back to RDP and AD. Since you both recommend that, I believe I will do it that way.

One other thing: Should I use the server or dedicate a desktop to this? I chose the server mostly because it's not doing anything and wanted to get some mileage out of the hardware. I do have a couple of older Optiplexes on the shelf that I could rebuild, stick in a corner and dedicate to this.
0
 
Bryant SchaperCommented:
You could use either, is it the only function of that server?  

Teamviewer can be setup so you provide the session id, then you can control the session access
0
 
gbrookeAuthor Commented:
Thanks, gents. I'm going to leave it on the server for now and set up RDP.
0

Featured Post

Microsoft Certification Exam 74-409

VeeamĀ® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now