Re: AD account - limiting access to a single server

Thanks everybody for your help, and sorry for being late with the feedback..

The user did need admin rights, and the network has plenty of "auth users" shares.

I ended with assigning the user to the local administrators group on that server, and appling a gpo to every other machine in the domain with the "deny access to this computer from the network" for that user.

As far as i tried it seems to work.

Gibit

Re: AD account - limiting access to a single server

Setup the account and add the account to the local administrators group of the server he needs access to.

the other question is, does this person really need full admin rights?? could you get away with just assigning permissions to files/folders and certain reg keys??

and as far as the network goes, as long as the user is only a member of the local admin group he'll only have admin rights on that local machine. and so long as you didn't apply NTFS permissions on shares to either "authenticated users" or "everyone" then he shouldn't be able to access the shares.

Re: AD account - limiting access to a single server

well, with the admin privledge, whats the point? he will be able to see whatever the other admins can see.

must the shares be hidden? it would be much easier to just deny him the ability to browse the shares than physically hide them.

Re: AD account - limiting access to a single server

Cant you give him a local account?
Afcourse a share with access to "everyone" will still be seen.