Using internal Active Directory to host External client accounts ????

Posted on 2005-03-21
Medium Priority
Last Modified: 2010-08-05
I have been asked by one of our developers if we can host external client accounts inside our internal Active Directory so that when the external client hits a web site they can be authenticated against our internal AD database. The catch is this: they do not want the external client account to have ANY access to internal resources. We are running Windows 2000 AD and I am not sure if there is any way to create a user account just for authentication purposes while totally cutting them off from the internal resources.
Question by:jessicaterry
Accepted Solution

dr_binks earned 1500 total points
ID: 13592443
Well, I guess a really simple way is to create a new account for the external client to authenticate with and just don't give it access to anything, i.e. don't put it in a group that has access to, say, a file server, etc.

You may also want to create an OU policy with as many 'lock down' settings as possible.

Hope this helps.


Expert Comment

ID: 13592836
Just create the user.  The only group users must be in, and are put in by default, is the 'Domain Users' group. You shouldn't be granting permissions based on that group anyway.  If you are, then just create a group that is denied access to those resources and add them to that group.  Those deny settings will override any allow settings.

Expert Comment

by:Nirmal Sharma
ID: 13599128
I am not clear. Could you please explain it?


Expert Comment

ID: 13603475
SystmProg, who are you asking to explain what?

Expert Comment

ID: 13607870
salvagbf, create an OU in your AD called, say, 'External Users' and put that user in there. Lock them down with a GP under that OU. They need to be a Domain User to authenticate on your domain, but make sure your Domain Users group is not a member of any other group that gives access to your network, and then add them to any groups you want to grant access to.
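
The check suggested in the comments above (external accounts sit in their own OU, and Domain Users is not nested inside any group that grants access) can be audited with a read-only script. This is an added example, not part of the original thread. It assumes the ActiveDirectory PowerShell module, which requires domain controllers newer than the Windows 2000 ones in the question, a single domain, and placeholder values for the OU path and the allow-list.

```powershell
# Added example: audit effective group membership of accounts in an external-users OU.
# Read-only: it queries the directory and changes nothing.
Import-Module ActiveDirectory

# Assumptions, not values from the thread: the OU path and the allowed groups.
$ExternalOu    = 'OU=External Users,DC=example,DC=com'
$AllowedGroups = @('Domain Users')

# Walk memberOf upward from one object and record every parent group DN.
function Add-ParentGroup {
    param([string]$Dn, [hashtable]$Seen)
    $obj = Get-ADObject -Identity $Dn -Properties memberOf
    foreach ($parent in $obj.memberOf) {
        if (-not $Seen.ContainsKey($parent)) {
            $Seen[$parent] = $true
            Add-ParentGroup -Dn $parent -Seen $Seen
        }
    }
}

$users  = Get-ADUser -Filter * -SearchBase $ExternalOu -Properties PrimaryGroup
$report = foreach ($user in $users) {
    $seen = @{}
    # memberOf omits the primary group (normally Domain Users), so seed it
    # explicitly and follow its nesting too: that is the path the thread warns about.
    if ($user.PrimaryGroup) {
        $seen[$user.PrimaryGroup] = $true
        Add-ParentGroup -Dn $user.PrimaryGroup -Seen $seen
    }
    Add-ParentGroup -Dn $user.DistinguishedName -Seen $seen

    # Resolve DNs to names and list anything outside the allow-list.
    $names = @($seen.Keys | ForEach-Object { (Get-ADGroup -Identity $_).Name })
    $extra = @($names | Where-Object { $AllowedGroups -notcontains $_ })

    [pscustomobject]@{
        Account         = $user.SamAccountName
        EffectiveGroups = ($names | Sort-Object) -join '; '
        Unexpected      = ($extra | Sort-Object) -join '; '
        Compliant       = ($extra.Count -eq 0)
    }
}

# Non-compliant accounts sort first.
$report | Sort-Object Compliant, Account | Format-Table -AutoSize -Wrap
```

The report covers directory group nesting only. Permissions granted to implicit identities such as Authenticated Users or Everyone do not appear in memberOf and need a separate ACL review.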


Expert Comment

by:Nirmal Sharma
ID: 13608532
