Ask the Expert

Can I implement a firewall ID that turns on only when needed?

I help support a large (500+) server environment. We have a security group that periodically needs to do investigations on servers with regards to employee fraud, misuse of equipment, etc. I don't want to give these folks admin rights across every box. Is there an easy way to implement a "firewall" ID that I can turn on only when needed?
Create a domain user account but disable it. Ensure it uses a complex password. Give it membership in the local computer administrators group. When the group needs to check out a server, enable the account. Allow a user to use this account only when necessary. Otherwise they are to use their own account. Be sure to enable the account before use, be sure to reset the password after each use. Also, be sure to log their activity. You may want several of these accounts. Use a special group in which you grant them membership, then the group can be give the local admin access. Since each user has an account, you can maintain accountability.

This was first published in April 2004

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: