Announcement

Collapse
No announcement yet.

AD account - limiting access to a single server

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Gibit
    started a topic AD account - limiting access to a single server

    AD account - limiting access to a single server

    Hello,

    I need some help on this:
    I need to create an Active Directory account which must be able to login via vpn and access only one server (with administrator privileges on it).

    Limiting the login to one server via the "logon to" in the account tab is ok, but what i really need is to completely hide the rest of the network to this user, cause we've got many shares around i dont want him to see,
    can anybody help?

    thanks a lot,
    Gibit

  • Gibit
    replied
    Re: AD account - limiting access to a single server

    Thanks everybody for your help, and sorry for being late with the feedback..

    The user did need admin rights, and the network has plenty of "auth users" shares.

    I ended with assigning the user to the local administrators group on that server, and appling a gpo to every other machine in the domain with the "deny access to this computer from the network" for that user.

    As far as i tried it seems to work.

    Gibit

    Leave a comment:


  • wiredteknologies
    replied
    Re: AD account - limiting access to a single server

    Setup the account and add the account to the local administrators group of the server he needs access to.

    the other question is, does this person really need full admin rights?? could you get away with just assigning permissions to files/folders and certain reg keys??

    and as far as the network goes, as long as the user is only a member of the local admin group he'll only have admin rights on that local machine. and so long as you didn't apply NTFS permissions on shares to either "authenticated users" or "everyone" then he shouldn't be able to access the shares.

    Leave a comment:


  • James Haynes
    replied
    Re: AD account - limiting access to a single server

    well, with the admin privledge, whats the point? he will be able to see whatever the other admins can see.

    must the shares be hidden? it would be much easier to just deny him the ability to browse the shares than physically hide them.

    Leave a comment:


  • Killerbe
    replied
    Re: AD account - limiting access to a single server

    Cant you give him a local account?
    Afcourse a share with access to "everyone" will still be seen.

    Leave a comment:

Working...
X