Re: Disable everything except for a web site authentication.
From: vamsi (vamsi_at_discussions.microsoft.com)
Date: 11/26/04
- Next message: Roger Abell: "Re: Disable everything except for a web site authentication."
- Previous message: T0GGLe: "How to restrict rights to only allow users to add or remove or modify user account and group settings"
- In reply to: Roger Abell [MVP]: "Re: Disable everything except for a web site authentication."
- Next in thread: Roger Abell: "Re: Disable everything except for a web site authentication."
- Reply: Roger Abell: "Re: Disable everything except for a web site authentication."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 26 Nov 2004 05:27:01 -0800
Roger,
Thanks for your reply. Local accounts is not recommended, as this interm
solution could go for months - yr. Also, we have 2 front end servers using
NLB, so it would be a mess.
We have to do exctly what you suggested, but HOW exactly to implement it?
Please provide some steps, as I am new to AD admin.
Users come from internet, over the firewall to the frontend server inside
the n/w.
All we need is http/https access to this machine by these users.
What GPO settings, templates should we use to only allow this and nothing
else?
As of now, I created an OU in my virtual machine AD, and added a new Group
Policy. I have to now configure that GPO to implement what you suggested, but
HOW?
Please provide your valuable input.
Thanks,
Vamsi.
"Roger Abell [MVP]" wrote:
> This may not work depending on where the web mediated interfaces
> connect, but have you considered use of machine local accounts for
> them until you have implemented the extranet forest ?
> How will they get to the sharepoint machine? If you control well the
> ports routed to this from the open internet (which I assume is where
> they will be coming from) then they are pretty much limited to what
> the web interfaces will do for them via http/https (just do not grant
> anything more that sharepoint browser role).
>
> --
> Roger Abell
> Microsoft MVP (Windows Server System: Security)
> MCDBA, MCSE W2k3+W2k+Nt4
> "vamsi" <vamsi@discussions.microsoft.com> wrote in message
> news:BC3C270A-F0C9-4707-874F-38EEE5251426@microsoft.com...
> > All,
> >
> > How can I configure a OU with GPO setting that would disable a user from
> > every right except for authenticating to a web site.
> >
> > We have a sharepoint installation for extranet use. Partners will be
> > created
> > under a OU, and we wish to restrict these users from accessing any
> > resources
> > in the network. These users should not be able to logon to the network,
> > and
> > access any resources that would normally be accessible to domain users. We
> > plan to use GPO to achieve this security requirement.
> >
> > This is an interim solution until we get a partner domain setup with one
> > way
> > trusts to our network.
> > Please help me find template files or so to achieve this.
> > Thanks,
> > Vamsi
> >
>
>
>
- Next message: Roger Abell: "Re: Disable everything except for a web site authentication."
- Previous message: T0GGLe: "How to restrict rights to only allow users to add or remove or modify user account and group settings"
- In reply to: Roger Abell [MVP]: "Re: Disable everything except for a web site authentication."
- Next in thread: Roger Abell: "Re: Disable everything except for a web site authentication."
- Reply: Roger Abell: "Re: Disable everything except for a web site authentication."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
