Link to home
Start Free TrialLog in
Avatar of jessicaterry
jessicaterry

asked on

Using internal Active Directory to host External client accounts ????

I have been asking by one of our developers if we can host external client accounts inside our internal active directory so that when the external client hits a web site they can be authenticated against our internal AD database.  The catch is this, they do not want the external client account to have ANY access to internal resources.  We are running Windows 2000 AD and I am not sure if there is any way to create a user account just for authentication purposes while totally cutting them off from the internal resources.  
ASKER CERTIFIED SOLUTION
Avatar of dr_binks
dr_binks
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Bernie Salvaggio
Bernie Salvaggio
Flag of United States of America image
Just create the user.  The only group users must be in, and are put in by default, is the 'Domain Users' group. You shouldn't be granting permissions based on that group anyway.  If you are, then just create a group that is denied access to those resources and add them to that group.  Those deny settings will override any allow settings.
Avatar of Nirmal Sharma
Nirmal Sharma
Flag of United States of America image
I am not clear. Could you please explain it?

Thanks
SystmProg
Avatar of Bernie Salvaggio
Bernie Salvaggio
Flag of United States of America image
SystmProg, who are you asking to explain what?
Avatar of weight01
weight01
Flag of United Kingdom of Great Britain and Northern Ireland image
salvagbf, create an OU in your AD called say 'External Users' and put that user in there.  Lock them down with a GP under that OU, they need to be a Domain User to Authenticate on your domain but make sure your Domain users group is not a member of any other group that gives access to your network and then add them to any groups you want to grant access to.

Thanks