Re: Disable everything except for a web site authentication.

From: Steven L Umbach (n9rou_at_n0-spam-for-me-comcast.net)
Date: 11/25/04 

Date: Thu, 25 Nov 2004 01:30:09 GMT

If users should not be able to logon to the domain then they can not access
domain computers without domain accounts and they can not be in an OU.

Otherwise if they are going to be domain users, you could use ipsec
filtering policy to manage what computers on the network they can access if
you can put all their computers into the OU as ipsec is a computer
configuration policy. The link below explains ipsec filtering more.

http://www.securityfocus.com/infocus/1559

If you only have control over domain users and not the computers or if the
users are not restricted to particular computers you can add those users to
a global group and then give that global group "deny access to this computer
from the network" to the domain computers they should not access. That user
right can be configured at the domain or Organizational Unit level. They
should not be denied access to this computer from the network to domain
controllers or they may not be able to logon to the domain. --- Steve

"vamsi" <vamsi@discussions.microsoft.com> wrote in message
news:BC3C270A-F0C9-4707-874F-38EEE5251426@microsoft.com...
> All,
>
> How can I configure a OU with GPO setting that would disable a user from
> every right except for authenticating to a web site.
>
> We have a sharepoint installation for extranet use. Partners will be
> created
> under a OU, and we wish to restrict these users from accessing any
> resources
> in the network. These users should not be able to logon to the network,
> and
> access any resources that would normally be accessible to domain users. We
> plan to use GPO to achieve this security requirement.
>
> This is an interim solution until we get a partner domain setup with one
> way
> trusts to our network.
> Please help me find template files or so to achieve this.
> Thanks,
> Vamsi
>

Relevant Pages

  • Re: Green Admin - Brute Force Attack - Pls Help
    ... Ipsec configuration is very similar [if ... specifics on how to use ipsec "filtering" policy to protect computers. ... is managing a network - particularly one in a hostile environment. ...
    (microsoft.public.security)
  • Re: Isolate systems
    ... If you have access to the firewall, you might be able to configure what IP ... filtering policy on your computers which is a policy that uses rules with ... Ipsec policies are best when trying to configure for a subnet ... network layout you may be able to implement ...
    (microsoft.public.win2000.security)
  • Re: XP Firewall Quandry
    ... admin workstations if that would work and possibly even requiring an ipsec ... security association for those exceptions which would not allow computers ... Even the risk of having another network available can be ... enable the Windows Firewall in both domain and standard policy. ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Anyone can browse my network
    ... You mention firewall but that will normally only prevent access from the ... internet unless the firewall is used to protect a network segment of your ... network infrastructure or possibly ipsec implementation on the domain. ... before an ipsec session can be created between two computers. ...
    (microsoft.public.security)
  • Re: The Hard Problem for Behaviorists
    ... correct low level abstractions to define the operation of the brain with - ... Do you not know how computers work? ... you can think of this type of network like you ... when you drop a marble in hole X1, ...
    (sci.cognitive)