Adding outside external users to your domain

By Hal12 ·
I was asked if an external user could be added to our domain. I know this is possible but I wanted to know a best practices approach to this. I want this external user to access some applications but not others. Should this user be setup as a guest and how could I deny them access to our shared drives and applications? This would all be done on a windows server 2008 with the client running XP.

Thank you

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Answers

Collapse -

I would use terminal services

by markp24 In reply to Adding outside external u ...


i would give them a TS page to logon to and restrict there applications to just those they have rights to. I would not give them any access to file browsing/searching/etc./
using a GPO i would restrict it down to just what they needed.
if you just want to deny them access to drives, put them in a "outside users" group in the AD and add that to the security tab on the Share properties for the shares with Access denied .

Collapse -

A lot depends on what exactly they need access to

by robo_dev In reply to Adding outside external u ...

From a security and support standpoint, I would recommend something like a Cisco ASA SSL VPN, This can give the user a client-less WebVPN connection which can use LDAP /AD for authentication.

Collapse -

stop user access

by whiterose_umair In reply to Adding outside external u ...

friend use "net control 2" it is software which have many function to restrict the user. with this above mention software you will be also able to observe the user activities as well as you able to restrict them.

Related Discussions

Related Forums