RE: Create user that dont have access to domain

From: Allen Firouz (AllenFirouz_at_discussions.microsoft.com)
Date: 01/21/05


Date: Fri, 21 Jan 2005 08:55:04 -0800

Steve:

How are you locking down the PCs? Through a GPO or local policy?

It is not a good idea to have generic logins in any environment. That being
said and out of the way, your best bet is to create an OU for the account and
apply a very restrictive GPO that restricts their access to browsing and
accessing network resources. If you have specific machines that need that
login, put the PCs in that OU as well and apply policy restrictions on the
machine as well as the user policies. Without knowing how restrictive you
want it to be, it is hard to recommend GPO settings. Here are some useful
links:
GPO Setting overview and links:
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q322143
Restricting software using GPO (including access control):
http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/rstrplcy.mspx
Local policy settings for Windows XP:
http://www.microsoft.com/downloads/details.aspx?FamilyID=ef3a35c0-19b9-4acc-b5be-9b7dab13108e&displaylang=en

Hope that helps.

-Allen Firouz [MentalFloss]

"Steve" wrote:

> Hello,
>
> I have a program that uses Active Directory to authenticate the user to
> have access to that particular program. What I have set up in my environment
> is a generic login to these computers that is in a locked down state for
> security reasons. What I want to do is create a user that will pass
> authentication for this program via Active Directory but NOT allow them to
> log into the machine itself on the domain. I want the generic account with
> the locked down state logged in at all times. Any advice? Change permissions
> somewhere? Create a policy?


