There may come a time when you are unable to log in to your CAS deployment while using your Domain Admin credentials. To login to the server and troubleshoot the issue, you will have to log in as a Local Admin. This Local Admin account differs from your Domain Admin account in that it only has Administrative access to the machine you are accessing. A Domain Administrator is a domain account that has administrative access to all machines in the domain. To begin creating your Local Admin account, please follow the steps below.
Creating The Firewall Rule
The Firewall rule that we are creating is a blanket Firewall rule that will allow you to access all of your deployments ports and instances. If you would like to restrict your access to specific ports & VM instances, you will have the option to do so by following the steps in this guide.
1. Login to https://console.cloud.google.com/
2. Click on the Navigation Menu
3. Scroll down to VPC Networks → Firewall
4. Click on Create Firewall Rule
5. Name your Firewall rule according to what you are trying to accomplish.
Note:You can skip to Step 13 of this section in order to view a screenshot of the Firewall rule creation screen.
6. Make sure to select your deployment network. If you leave it on the default network, the Firewall rule will not be able to access your instances as a Local Admin.
7. Select the Direction of Traffic to be Ingress.
8. Select allow for the Action on match section.
9. For targets, select All instances on the network. If you would like to configure local
access to specific instances, you have the option to do so through Target tags, or
10. For Source IP Ranges, you can specify the subnet that you would like to have access to your instances, or you can simply put your personal Public IP Address.
(To find out your Public IP Address, go to (https://ipchicken.com/) your IP address will
appear under the Current IP Address section as per the screenshot below)
11. For Protocols and Ports, you can select Allow all.
If you would like to select specific protocols, you have the option to do so by specifying which TCP/UDP ports, as well as the option to input specific protocols by selecting Specified Protocols and Ports.
12. When you are finished, click Create.
Accessing The VM Instances
1. Click on the Navigation Menu
2. Navigate to Compute Engine → VM Instances
3. For the VM that you are trying to access, click on the arrow to the right of the RDP button.
4. Click on Set Windows Password
5. Input your desired username and click Set
6. You will be provided with your Local Admin password. Make sure to save this Windows password, as you will be needing it to login. Click on Close
7. For the VM that you are trying to access, click on the arrow to the right of the RDP button.
8. Click on Download RDP File
9. Once the RDP file is downloaded, open it, and use the password provided to you on Step 6.
10. Congratulations! You have now signed into your Google Cloud server as a Local Admin!
If you continue running into issues, please review all the steps above. In our experience, if a user is unable to login successfully, it is because the Firewall rule was created incorrectly.
If you have any questions or concerns, please send an email to email@example.com with details of the issue. Please include any screenshots if possible.