Re: Disable everything except for a web site authentication.

From: Roger Abell [MVP] (mvpNoSpam_at_asu.edu)
Date: 11/25/04 

Date: Wed, 24 Nov 2004 23:18:29 -0700

This may not work depending on where the web mediated interfaces
connect, but have you considered use of machine local accounts for
them until you have implemented the extranet forest ?
How will they get to the sharepoint machine? If you control well the
ports routed to this from the open internet (which I assume is where
they will be coming from) then they are pretty much limited to what
the web interfaces will do for them via http/https (just do not grant
anything more that sharepoint browser role). 

-- 
Roger Abell
Microsoft MVP (Windows Server System: Security)
MCDBA,  MCSE W2k3+W2k+Nt4
"vamsi" <vamsi@discussions.microsoft.com> wrote in message 
news:BC3C270A-F0C9-4707-874F-38EEE5251426@microsoft.com...
> All,
>
> How can I configure a OU with GPO setting that would disable a user from
> every right except for authenticating to a web site.
>
> We have a sharepoint installation for extranet use. Partners will be 
> created
> under a OU, and we wish to restrict these users from accessing any 
> resources
> in the network. These users should not be able to logon to the network, 
> and
> access any resources that would normally be accessible to domain users. We
> plan to use GPO to achieve this security requirement.
>
> This is an interim solution until we get a partner domain setup with one 
> way
> trusts to our network.
> Please help me find template files or so to achieve this.
> Thanks,
> Vamsi
>