| Author |
Message |
|
JohnSheridan
Doesn't have much of a life
Joined: Mon Apr 27, 2009 9:10 pm
Posts: 1057
|
We have several servers at work - all running Server 2003.
Now 1 of these servers looks after one of our suppliers (exclusively) - so it has only there stuff on - stock lists, prices etc etc.
This supplier now wants to have the ability to connect to their machine (remotely) to look at their stock etc.
We have a Citrix connection so I could let them in that way then they would have to RDP over to that server - obviously a risk they could try to be "nosey" and snoop around the rest of our network - which has rival suppliers data on!
Another thought I had was to install a network card on that server (so it has 2 lan ports) - convert a phone line to broadband and link it to that server so they could then RDP directly into that machine via this new broadband line.
Question is will that work (think it will) or does anyone have any other suggestions?
_________________
|
| Tue Apr 28, 2009 10:11 pm |
 
|
|
|
forquare1
I haven't seen my friends in so long
Joined: Thu Apr 23, 2009 6:36 pm
Posts: 5150
Location: /dev/tty0
|
Even if they use a different line to connect, surely they can still point the server at the other connection and say "Snoop!" ?
|
| Tue Apr 28, 2009 10:14 pm |
|
|
|
JohnSheridan
Doesn't have much of a life
Joined: Mon Apr 27, 2009 9:10 pm
Posts: 1057
|
Well I can lock-down the other servers to deny them access so if they try to snoop under their username it will refuse them access.
_________________
|
| Tue Apr 28, 2009 10:23 pm |
|
|
|
forquare1
I haven't seen my friends in so long
Joined: Thu Apr 23, 2009 6:36 pm
Posts: 5150
Location: /dev/tty0
|
Which would surely mean they were OK to use the current connection for access, seeing as they don't know user names/passwords of the other systems?
|
| Tue Apr 28, 2009 10:27 pm |
|
|
|
AlunD
Site Admin
Joined: Fri Apr 24, 2009 6:12 am
Posts: 7011
Location: Wiltshire
|
Why not let them use terminal server or log me in ?
What ever you do you will have to partially at least expose thier server more than it currently is.
_________________
<input type="pickmeup" name="coffee" value="espresso" />
|
| Wed Apr 29, 2009 6:13 am |
|
|
|
Agrajag
Has a life
Joined: Fri Apr 24, 2009 8:02 am
Posts: 31
|
As you've said, publish an RDP app in Citrix with a command line pointing to the server - e.g. "mstsc /v:<servername>" and give them a account in your AD locked down to that one server. Any good?
_________________
--Previously known as Strug1979
|
| Wed Apr 29, 2009 7:25 pm |
|
|
|
Coref
Occasionally has a life
Joined: Mon Apr 27, 2009 6:20 pm
Posts: 446
Location: ~/
|
If they're the supplier shouldn't they be paying for it? FWIW Invitrogen's Supply Center works quite well at my work. I assume other vendors must have similar.
_________________
I was nickholway on the old boards.
|
| Wed Apr 29, 2009 8:05 pm |
|
|
|
j17ypr
Has a life
Joined: Sat Apr 25, 2009 11:01 pm
Posts: 23
|
your easiest way is either remote desktop or logmein and give them a restricted user account to log in with
|
| Wed Apr 29, 2009 9:28 pm |
|
|
|
JohnSheridan
Doesn't have much of a life
Joined: Mon Apr 27, 2009 9:10 pm
Posts: 1057
|
Bumped into one of my old IT mates last night so asked him what he would do - he said just go onto that server - into cmd - gpedit.msc and setup a group policy locking down the Control Panel access so that is what we'll do - might also lock a few other's things whilst there. Thanks for your suggestions  _________________
|
| Fri May 01, 2009 9:17 am |
|
|
