Using the as-a-service approach for your business model allows you to grow your revenue stream with new practice areas, without forcing you to part ways with existing clients just because they don’t fit the mold of your new service offerings.
how to grant the following from our servers?
I have a vendor that has asked the following from us:
An account with rights to access all mailbox in exchange? and access to the DNS for our company.
What would be the best way of giving this to them. Our domain controller and our exchange are on 2 different VM's.
Thanks in advance.
An account with rights to access all mailbox in exchange? and access to the DNS for our company.
What would be the best way of giving this to them. Our domain controller and our exchange are on 2 different VM's.
Thanks in advance.
Who is Participating?
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get this solution by purchasing an Individual license!
Start your 7-day free trial.
I wear a lot of hats...
"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.
LVL 19
If this is a trusted Vendor, get them VPN access with a keyfob(secure ID) to access your systems. The secure ID will require them to create a pin so not just anyone can access your network, if this is at all possible. If not I would wait for another expert to chime in.
Personally, I'd be asking why they need that level of access. What service is the vendor providing? Also, do they need to have this for stuff they have to do manually, or do they just need to have a service account with this level of access? We need a little more information to properly answer the question.
If you trust him you can create another VM with Windows 7 / 8 / 10
Create user for hime and add this user to Domain admins group.
Enable Audit on domain to know all changes and give him RDP or VPN access to this VM station.
On VM station you can install Microsoft Remote Desktop Manager and configure access to both servers , Exchange and DC
I'm not understand why he need access to all mailboxes, you need to discuss this with your Boss, since some company information, specially his can be classified.
If your boss will be OK with this then you need to give this new user full success permission to all mailboxes in EAC or using power shell
You can do this by adding user to Organization Manager group
Add-RoleGroupMember "Organization Management" -Member "<account name>"
then
Get-Mailbox -ResultSize unlimited -Filter {(RecipientTypeDetails -eq 'UserMailbox') -and (Alias -ne 'Admin')} | Add-MailboxPermission -User admin@example.com -AccessRights fullaccess -InheritanceType all -AutoMapping:$false
Create user for hime and add this user to Domain admins group.
Enable Audit on domain to know all changes and give him RDP or VPN access to this VM station.
On VM station you can install Microsoft Remote Desktop Manager and configure access to both servers , Exchange and DC
I'm not understand why he need access to all mailboxes, you need to discuss this with your Boss, since some company information, specially his can be classified.
If your boss will be OK with this then you need to give this new user full success permission to all mailboxes in EAC or using power shell
You can do this by adding user to Organization Manager group
Add-RoleGroupMember "Organization Management" -Member "<account name>"
then
Get-Mailbox -ResultSize unlimited -Filter {(RecipientTypeDetails -eq 'UserMailbox') -and (Alias -ne 'Admin')} | Add-MailboxPermission -User admin@example.com -AccessRights fullaccess -InheritanceType all -AutoMapping:$false
We are trying to migrate out Exchange server 2010 mailbox, public folder and other things to Office 365 Pro. Currently we host our exchange and house all our mailboxes.
If that makes sense.
If that makes sense.
So Tom if I follow the above correctly....
I would first need to get a connection either an RDP or a VPN to each VM server ( We have a domain and an exchange). Second I would need to configure a user account with Domain admin rights? In my logic correct?
Would I create the server in the active directory or use the wizards in the SERVER 2012 application?
Thanks,
I would first need to get a connection either an RDP or a VPN to each VM server ( We have a domain and an exchange). Second I would need to configure a user account with Domain admin rights? In my logic correct?
Would I create the server in the active directory or use the wizards in the SERVER 2012 application?
Thanks,
Would I create the server in the active directory or use the wizards in the SERVER 2012 application?
Regular new VM installation would be enough.
You can delete this workstation after all will be done if you don't going to need it.
After you setup new VM workstation with new account install Microsoft Remote Desktop Manager and add this servers you want to give him access to. Test connections.
https://www.microsoft.com/en-us/download/details.aspx?id=44989
You don;t need to create VPN if you don;t want to. Just enable (reroute) RDP on your firewall to this new virtual machine
Regular new VM installation would be enough.
You can delete this workstation after all will be done if you don't going to need it.
After you setup new VM workstation with new account install Microsoft Remote Desktop Manager and add this servers you want to give him access to. Test connections.
https://www.microsoft.com/en-us/download/details.aspx?id=44989
You don;t need to create VPN if you don;t want to. Just enable (reroute) RDP on your firewall to this new virtual machine
OK so I noticed the VM servers I wanted to give the RDP access to is not created. How can I create an RDP for him to log in to both servers?
Thanks
Thanks
I have a filling you're not reading my comments.
I just explained you everything.
You can't give access to 2 machines in same time from outside because only one rule can be created on firewall.
You can change port for RDP to one server but it's a lot more complicated.
So best solution is give him RDP access to one of workstation in your domain then setup RDP using MRDM to servers he need. If you don;t have spare workstation you can install Virtual Workstation on your Virtual server and setup it for him. I did explained this in my previous posts.
I just explained you everything.
You can't give access to 2 machines in same time from outside because only one rule can be created on firewall.
You can change port for RDP to one server but it's a lot more complicated.
So best solution is give him RDP access to one of workstation in your domain then setup RDP using MRDM to servers he need. If you don;t have spare workstation you can install Virtual Workstation on your Virtual server and setup it for him. I did explained this in my previous posts.
OK how do I give him access?
How to I create an RDP IP outside address is there was never one created before?
I am just not following you.
Sorry!
How to I create an RDP IP outside address is there was never one created before?
I am just not following you.
Sorry!
Watch this video it helps you setup up what you want for a home PC but its the same principal.
http://www.appdataworks.com/allow-remote-desktop-connections-from-outside-your-network/
http://www.appdataworks.com/allow-remote-desktop-connections-from-outside-your-network/
You need to create rule on your company firewall to forward port 3389 to internal IP (workstation or VM)
It's very simple.
It's very simple.
Tom,
This rule that I need to create...... We have a Soniwall firewall device TZ 215 to be exact. However I know our other VM have outside IP address created for them? Where does that get done?
This rule that I need to create...... We have a Soniwall firewall device TZ 215 to be exact. However I know our other VM have outside IP address created for them? Where does that get done?
You can use the Public Server Wizard to open up a port (most user friendly way to go about it). The question is whether you want to open port 3389 or use a different port.
Where is the Public Server Wizard located? When you say open port 3389 what are the best practices should that port be open or should another port be open?
also when I have an outside line, should I just then go ahead and create a user in my active directly for him to use?
also when I have an outside line, should I just then go ahead and create a user in my active directly for him to use?
If you really wanted to know the best practice involving RDP, it would actually be to use the Remote Gateway and other services. But for how you actually have it set up, the most ideal things to do would be to have two factor authentication using a product like Duo or AuthLite.
No, wizard will help you open RDP ports and forward protocols to Host you want to give access to.
You can define host before wizard or do it as a part of wizard :)
You can define host before wizard or do it as a part of wizard :)
It's two pieces: The server has to be configured to allow RDP connections, and the Sonicwall has to be configured to forward the ports necessary for the RDP connection to the correct server(s).
OK, the server is already configured to let RDP through we type in an IP address to access certain PC. So do I need to configure another rule in the SonicWall to connect to another device?
Correct. That's where the Public Server Wizard comes into play, to assist you with port forwarding and NAT rules.
Like I said before, you can't configure multiple connection using same protocol and same port number to multiple devices.
If you want to connect to multiple devices from outside then you must configure VPN connection first then connect by local IP address.
If you want to connect to multiple devices from outside then you must configure VPN connection first then connect by local IP address.
OK... I was able to rout it through the Sonic walls Firewall and get access from the outside.
However If I wanted to create a specific user in my AD that would only be allow to remote into a static IP address how would I be able to configure this?
However If I wanted to create a specific user in my AD that would only be allow to remote into a static IP address how would I be able to configure this?
Navigate to your Active Directory Users and Computers
Go to section BuildIn
Open Remote Desktop Users group and add your new created username.
On machine you want to give access to you must go to System Properties
Remote tab
Select Allow connections from computers running any version of Remote Desktop
Then click on Select Users button
Add
And select your Remote Desktop Users group.
All other users not going to be able to connect using RDP, only members of this group
Go to section BuildIn
Open Remote Desktop Users group and add your new created username.
On machine you want to give access to you must go to System Properties
Remote tab
Select Allow connections from computers running any version of Remote Desktop
Then click on Select Users button
Add
And select your Remote Desktop Users group.
All other users not going to be able to connect using RDP, only members of this group
Experts Exchange Solution brought to you by
Your issues matter to us.
Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.
Start your 7-day free trialIt's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange
From novice to tech pro — start learning today.
-
Microsoft ApplicationsCertification: MOS Microsoft Office Specialist - Word 2016 Part … 134 lessons
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get this solution by purchasing an Individual license!
Start your 7-day free trial.