Q

Can I implement a firewall ID that turns on only when needed?

I help support a large (500+) server environment. We have a security group that periodically needs to do investigations on servers with regards to employee fraud, misuse of equipment, etc. I don't want to give these folks admin rights across every box. Is there an easy way to implement a "firewall" ID that I can turn on only when needed?
Create a domain user account but disable it. Ensure it uses a complex password. Give it membership in the local computer administrators group. When the group needs to check out a server, enable the account. Allow a user to use this account only when necessary. Otherwise they are to use their own account. Be sure to enable the account before use, be sure to reset the password after each use. Also, be sure to log their activity. You may want several of these accounts. Use a special group in which you grant them membership, then the group can be give the local admin access. Since each user has an account, you can maintain accountability.
This was first published in April 2004
This Content Component encountered an error

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchVirtualDesktop

SearchWindowsServer

SearchExchange

Close