Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

URGENT HELP on Creating Winodws 2000 to locl Down Non-Employee Users

Posted on 2009-04-07
8
Medium Priority
?
243 Views
Last Modified: 2012-05-06
Right now I'm running a Windows 2000 AD domain with 100+ WIdows XP host. I have have a about 12 consultant my company uses to various things. All of these consults do not network accounts. I have placed all of these accounts in there own OU. I need to make sure ALL of all of the consultants have the following restrictions:

1) Only have access to a hand full of network shares and cannot mapp to additional locations
2) CAn not install the AD AdminTools
3)  CAnnot search AD or the network in general

Can a GP do this???? please advise
0
Comment
Question by:compdigit44
  • 4
  • 3
8 Comments
 
LVL 27

Expert Comment

by:Jason Watkins
ID: 24093069
Hi,

First, I would create a domain local group for the consultants and add all of their accounts to that group. Modify the shares you would like these folks to access, only specify their group with the desired level of permissions. Configure the deny read permission to all of the others shares they should never be able to access.  Keeping the consultants out of the local administrators group will prevent them from installing the admin tools, but if they do not hold any administrative roles in the domain, they can't do much with the tools.  

0
 
LVL 15

Expert Comment

by:zelron22
ID: 24093679
Domain users can--and have to be able to--query active directory.  You can't stop that.  They can't modify it without admin permissions, but they can query it.

Otherwise, the above suggestions will work.
0
 
LVL 20

Author Comment

by:compdigit44
ID: 24099942
What about creating a GP to map these users to specific shares and block them from adding more or browsing the networK?
0
NFR key for Veeam Agent for Linux

Veeam is happy to provide a free NFR license for one year.  It allows for the non‑production use and valid for five workstations and two servers. Veeam Agent for Linux is a simple backup tool for your Linux installations, both on‑premises and in the public cloud.

 
LVL 27

Accepted Solution

by:
Jason Watkins earned 2000 total points
ID: 24101704
Group policy doesn't really work that way.  GPOs can be used to maps scripts which will give the users access to shares.  Permissions control access to those actual shares.
0
 
LVL 20

Author Comment

by:compdigit44
ID: 24101757
I know about the permission I'm referring to controlling there user enviroment
0
 
LVL 27

Expert Comment

by:Jason Watkins
ID: 24103121
What do you want to control? Older versions of Windows server cannot really prevent users from seeing items on the network, if it is set up correctly.  Are the users using a shared computer?  
0
 
LVL 20

Author Comment

by:compdigit44
ID: 24106148
I want to prevent these users from using network neighbor, mapping network drives...etc..
0
 
LVL 20

Author Comment

by:compdigit44
ID: 24163568
Surely Windows 2000 group policies can do something regarding this ... Please advise..
0

Featured Post

NEW Veeam Backup for Microsoft Office 365 1.5

With Office 365, it’s your data and your responsibility to protect it. NEW Veeam Backup for Microsoft Office 365 eliminates the risk of losing access to your Office 365 data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
It’s time for spooky stories and consuming way too much sugar, including the many treats we’ve whipped for you in the world of tech. Check it out!
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Suggested Courses

879 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question