We have a vendor who occasionally needs to remote in and administer their server. Thus far when they've needed access, they have called us and started a gotomeeting session. But if they need to reboot the server, someone needs to be there to restart the g2m session for them to reconnect.
I'd like to use an AD account and give them access through our VPN, but I'd like to get some feedback about best practices for this type of access. For instance:
Do we ONLY make them a member of the VPN Users group, or do they have to be part of the Domain Users group as well (the group that every domain account is a member of by default)?
Are there any specific security permissions I need to be aware of?
I've created the account and restricted the server the vendor has access to through "Log On To". I've also set the account to "User cannot change password" and plan on giving the vendor a new password each 24 hour period they need to have access, as well as set the account to expire at the end of each 24 hour period.
Thanks in advance!
