Hello,
I need some help on this:
I need to create an Active Directory account which must be able to log in via VPN and access only one server (with administrator privileges on it).
Limiting the login to one server via the "logon to" in the account tab is OK, but what I really need is to completely hide the rest of the network from this user, because we've got many shares around that I don't want him to see.
Can anybody help?
Thanks a lot,
Gibit
AD account - limiting access to a single server
-
Re: AD account - limiting access to a single server
Thanks everybody for your help, and sorry for being late with the feedback.
The user did need admin rights, and the network has plenty of "auth users" shares.
I ended up assigning the user to the local Administrators group on that server, and applying a GPO to every other machine in the domain with the "deny access to this computer from the network" for that user.
As far as I tried, it seems to work.
Gibit
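
One way to verify the setup described in the post above, as an added example that is not part of the original thread: it parses `secedit` user-rights exports and checks that the account's SID appears under `SeDenyNetworkLogonRight` (the right behind "Deny access to this computer from the network") on every machine except the one server. The host names, SID and export text are constructed, and it assumes the account is listed by SID in the export.

```powershell
# Added example. On each machine, export the effective user rights with:
#   secedit /export /cfg C:\Temp\rights.inf /areas USER_RIGHTS
# then feed the file contents to the functions below.

function Get-PrivilegeRight {
    # Return the accounts listed for one right in the [Privilege Rights] section.
    param([string]$InfText, [string]$Right)
    $inSection = $false
    foreach ($raw in ($InfText -split "`r?`n")) {
        $line = $raw.Trim()
        if ($line -match '^\[(.+)\]$') {
            $inSection = ($Matches[1] -eq 'Privilege Rights')
            continue
        }
        if ($inSection -and $line -match '^(\w+)\s*=\s*(.*)$' -and $Matches[1] -eq $Right) {
            # secedit writes SIDs with a leading '*'; strip it for comparison.
            return @($Matches[2] -split ',' | ForEach-Object { $_.Trim().TrimStart('*') } | Where-Object { $_ })
        }
    }
    return @()
}

function Test-DenyNetworkLogon {
    # One row per machine: is the account denied network logon, and should it be?
    param([hashtable]$Exports, [string]$Sid, [string]$AllowedServer)
    foreach ($computer in ($Exports.Keys | Sort-Object)) {
        $accounts = @(Get-PrivilegeRight -InfText $Exports[$computer] -Right 'SeDenyNetworkLogonRight')
        $denied   = $accounts -contains $Sid
        $expected = $computer -ne $AllowedServer
        [pscustomobject]@{
            Computer = $computer; Denied = $denied; Expected = $expected
            Ok = ($denied -eq $expected)
        }
    }
}

# Constructed sample data: SID, host names and export text are illustrative only.
# FILE02 is built without the deny entry, standing in for a machine the GPO missed.
$sid = 'S-1-5-21-1111111111-2222222222-3333333333-1601'
$exports = @{
    'SRV-APP01' = "[Privilege Rights]`nSeDenyNetworkLogonRight = *S-1-5-32-546"
    'FILE01'    = "[Privilege Rights]`nSeDenyNetworkLogonRight = *S-1-5-32-546,*$sid"
    'FILE02'    = "[Privilege Rights]`nSeDenyNetworkLogonRight = *S-1-5-32-546"
}

Test-DenyNetworkLogon -Exports $exports -Sid $sid -AllowedServer 'SRV-APP01' | Format-Table -AutoSize
```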
-
Re: AD account - limiting access to a single server
Set up the account and add the account to the local administrators group of the server he needs access to.
The other question is, does this person really need full admin rights? Could you get away with just assigning permissions to files/folders and certain reg keys?
And as far as the network goes, as long as the user is only a member of the local admin group he'll only have admin rights on that local machine. And so long as you didn't apply NTFS permissions on shares to either "authenticated users" or "everyone", then he shouldn't be able to access the shares.
-
Re: AD account - limiting access to a single server
Well, with the admin privilege, what's the point? He will be able to see whatever the other admins can see.
Must the shares be hidden? It would be much easier to just deny him the ability to browse the shares than physically hide them.
-
Re: AD account - limiting access to a single server
Can't you give him a local account?
Of course a share with access to "everyone" will still be seen.