Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Using internal Active Directory to host External client accounts ????

Posted on 2005-03-21
6
Medium Priority
?
185 Views
Last Modified: 2010-08-05
I have been asking by one of our developers if we can host external client accounts inside our internal active directory so that when the external client hits a web site they can be authenticated against our internal AD database.  The catch is this, they do not want the external client account to have ANY access to internal resources.  We are running Windows 2000 AD and I am not sure if there is any way to create a user account just for authentication purposes while totally cutting them off from the internal resources.  
0
Comment
Question by:jessicaterry
6 Comments
 
LVL 5

Accepted Solution

by:
dr_binks earned 1500 total points
ID: 13592443
well I guess a really simple way is to create a new account for the external client to authenticate with and just dont give it access to anything i.e. dont put it in a group that has access to say.. a fileserver etc.

you may also want to create an OU policy with as much 'lock down' settings as possible.

hope this helps

~Binks
0
 
LVL 6

Expert Comment

by:salvagbf
ID: 13592836
Just create the user.  The only group users must be in, and are put in by default, is the 'Domain Users' group. You shouldn't be granting permissions based on that group anyway.  If you are, then just create a group that is denied access to those resources and add them to that group.  Those deny settings will override any allow settings.
0
 
LVL 35

Expert Comment

by:Nirmal Sharma
ID: 13599128
I am not clear. Could you please explain it?

Thanks
SystmProg
0
Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

 
LVL 6

Expert Comment

by:salvagbf
ID: 13603475
SystmProg, who are you asking to explain what?
0
 
LVL 1

Expert Comment

by:weight01
ID: 13607870
salvagbf, create an OU in your AD called say 'External Users' and put that user in there.  Lock them down with a GP under that OU, they need to be a Domain User to Authenticate on your domain but make sure your Domain users group is not a member of any other group that gives access to your network and then add them to any groups you want to grant access to.

Thanks
0
 
LVL 35

Expert Comment

by:Nirmal Sharma
ID: 13608532
Author
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
The article explains the process to deploy a Self-Service password reset portal I developed a few years ago. Hopefully, it will prove useful to someone.  Any comments, bug reports etc. are welcome...
this video summaries big data hadoop online training demo (http://onlineitguru.com/big-data-hadoop-online-training-placement.html) , and covers basics in big data hadoop .
Integration Management Part 2
Suggested Courses

571 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question