Announcement

Collapse
No announcement yet.

AD account - limiting access to a single server

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • AD account - limiting access to a single server

    Hello,

    I need some help on this:
    I need to create an Active Directory account which must be able to login via vpn and access only one server (with administrator privileges on it).

    Limiting the login to one server via the "logon to" in the account tab is ok, but what i really need is to completely hide the rest of the network to this user, cause we've got many shares around i dont want him to see,
    can anybody help?

    thanks a lot,
    Gibit

  • #2
    Re: AD account - limiting access to a single server

    Cant you give him a local account?
    Afcourse a share with access to "everyone" will still be seen.
    [Powershell]
    Start-DayDream
    Set-Location Malibu Beach
    Get-Drink
    Lay-Back
    Start-Sleep
    ....
    Wake-Up!
    Resume-Service
    Write-Warning
    [/Powershell]

    BLOG: Therealshrimp.blogspot.com

    Comment


    • #3
      Re: AD account - limiting access to a single server

      well, with the admin privledge, whats the point? he will be able to see whatever the other admins can see.

      must the shares be hidden? it would be much easier to just deny him the ability to browse the shares than physically hide them.
      its easier to beg forgiveness than ask permission.
      Give karma where karma is due...

      Comment


      • #4
        Re: AD account - limiting access to a single server

        Setup the account and add the account to the local administrators group of the server he needs access to.

        the other question is, does this person really need full admin rights?? could you get away with just assigning permissions to files/folders and certain reg keys??

        and as far as the network goes, as long as the user is only a member of the local admin group he'll only have admin rights on that local machine. and so long as you didn't apply NTFS permissions on shares to either "authenticated users" or "everyone" then he shouldn't be able to access the shares.
        Technology is only as good as those who use it

        My tech blog - wiredtek.wordpress.com

        Comment


        • #5
          Re: AD account - limiting access to a single server

          Thanks everybody for your help, and sorry for being late with the feedback..

          The user did need admin rights, and the network has plenty of "auth users" shares.

          I ended with assigning the user to the local administrators group on that server, and appling a gpo to every other machine in the domain with the "deny access to this computer from the network" for that user.

          As far as i tried it seems to work.

          Gibit

          Comment

          Working...
          X