Newkid_007MemberJune 8, 2017 at 5:24 am #167053
Scenario: We got two networks, for the office network 192.168.0.x and server network 10.1.1.x. The domain controller is on the office network (192.168.0.x) and the server network (10.1.1.x) does not have a domain controller. Currently to login to the servers in (10.1.1.x) network, all users use the Administrator account therefore all users have admin access. We also have two application running (A & B) using the administrator account.
Issue: When users log in using Administrator credentials. They have been give full control and cannot track which user from the the office network (192.168.0.x) has implemented changes. Need to give each user their individual account to access the servers (10.1.1.x) and to configure running application (A & B).
Tried the following: Created a domain controller on a 2012 R2 server in the server network (10.1.1.x) which allowed users from the office network (192.168.0.x) to connect using their individual accounts to the server. The issue I am having now is when the users use remote desktop to login to the servers in (10.1.1.x.) The windows 2012 R2 servers create a separate user profile i.e different desktop and the users are not able to see the running application (A & B) because they are running on the administrator user profile.
I am currently trying to achieve a way to allow users from (192.168.0.x) to use their individual accounts to remote desktop into the administrators user profile on the servers in (10.1.1.x). Therefore they are able to view the two running application (A & B) and I will be to check which users have been logging in and when. Is this possible ? Sorry I am a complete novice in this situation.
Thanks all in advance.
OssianModeratorJune 8, 2017 at 5:34 am #191685
A couple of possibilities, but all rely on some form of routing between the office and production networks
Start by setting up routing in some appropriate way (depends on your network so can’t tell you how)
1) Keep a single DC in the office, and make sure
a) you can ping by FQDN from production
b) FQDN is used when accessing resources in the other network
2) Add a DC to the production network and make sure it is replicating to the office DC. Access resources by NetBIOS or FQDN
I would prefer 2 as it gives DC redundancy
Either way you will need to ensure Production servers are domain members (not clear from above if they are) and user accounts have appropriate permissions to access them
You must be logged in to reply to this topic.