AD account - limiting access to a single server

By gibit ·

I need some help on this:
I need to create an Active Directory account which must be able to login via vpn and access only one server (with administrator privileges on it).

Limiting the login to one server via the "logon to" in the account tab is ok, but what i really need is to completely hide the rest of the network to this user, we've got many shares around i dont want him to see,
can anybody help?

thanks a lot,

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Answers

Collapse -


by gibit In reply to AD account - limiting acc ...

i'm giving myself some feedback on this issue...

I ended with assigning the user to the local administrators group on the server he needs to access, and appling a gpo to every other machine in the domain with the "deny access to this computer from the network" policy for that user.

As far as i tried it seems to work, but i'm still a little bit worried about system shares, since the policy applies to the dc's as well.


Related Discussions

Related Forums