Access to Production Servers

Home Forums Server Operating Systems Windows Server 2012 / 2012 R2 Access to Production Servers

This topic contains 1 reply, has 2 voices, and was last updated by  Ossian 1 year, 6 months ago.

Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
    Posts

  • Newkid_007
    Member
    #167053

    Hi all,

    Scenario: We got two networks, for the office network 192.168.0.x and server network 10.1.1.x. The domain controller is on the office network (192.168.0.x) and the server network (10.1.1.x) does not have a domain controller. Currently to login to the servers in (10.1.1.x) network, all users use the Administrator account therefore all users have admin access. We also have two application running (A & B) using the administrator account.

    Issue: When users log in using Administrator credentials. They have been give full control and cannot track which user from the the office network (192.168.0.x) has implemented changes. Need to give each user their individual account to access the servers (10.1.1.x) and to configure running application (A & B).

    Tried the following: Created a domain controller on a 2012 R2 server in the server network (10.1.1.x) which allowed users from the office network (192.168.0.x) to connect using their individual accounts to the server. The issue I am having now is when the users use remote desktop to login to the servers in (10.1.1.x.) The windows 2012 R2 servers create a separate user profile i.e different desktop and the users are not able to see the running application (A & B) because they are running on the administrator user profile.

    I am currently trying to achieve a way to allow users from (192.168.0.x) to use their individual accounts to remote desktop into the administrators user profile on the servers in (10.1.1.x). Therefore they are able to view the two running application (A & B) and I will be to check which users have been logging in and when. Is this possible ? Sorry I am a complete novice in this situation.

    Thanks all in advance.


    Ossian
    Moderator
    #191685

    A couple of possibilities, but all rely on some form of routing between the office and production networks

    Start by setting up routing in some appropriate way (depends on your network so can’t tell you how)

    1) Keep a single DC in the office, and make sure
    a) you can ping by FQDN from production
    b) FQDN is used when accessing resources in the other network

    2) Add a DC to the production network and make sure it is replicating to the office DC. Access resources by NetBIOS or FQDN

    I would prefer 2 as it gives DC redundancy

    Either way you will need to ensure Production servers are domain members (not clear from above if they are) and user accounts have appropriate permissions to access them

Viewing 2 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.