Solved

URGENT HELP on Creating Winodws 2000 to locl Down Non-Employee Users

Posted on 2009-04-07
8
238 Views
Last Modified: 2012-05-06
Right now I'm running a Windows 2000 AD domain with 100+ WIdows XP host. I have have a about 12 consultant my company uses to various things. All of these consults do not network accounts. I have placed all of these accounts in there own OU. I need to make sure ALL of all of the consultants have the following restrictions:

1) Only have access to a hand full of network shares and cannot mapp to additional locations
2) CAn not install the AD AdminTools
3)  CAnnot search AD or the network in general

Can a GP do this???? please advise
0
Comment
Question by:compdigit44
  • 4
  • 3
8 Comments
 
LVL 27

Expert Comment

by:Jason Watkins
ID: 24093069
Hi,

First, I would create a domain local group for the consultants and add all of their accounts to that group. Modify the shares you would like these folks to access, only specify their group with the desired level of permissions. Configure the deny read permission to all of the others shares they should never be able to access.  Keeping the consultants out of the local administrators group will prevent them from installing the admin tools, but if they do not hold any administrative roles in the domain, they can't do much with the tools.  

0
 
LVL 15

Expert Comment

by:zelron22
ID: 24093679
Domain users can--and have to be able to--query active directory.  You can't stop that.  They can't modify it without admin permissions, but they can query it.

Otherwise, the above suggestions will work.
0
 
LVL 19

Author Comment

by:compdigit44
ID: 24099942
What about creating a GP to map these users to specific shares and block them from adding more or browsing the networK?
0
Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

 
LVL 27

Accepted Solution

by:
Jason Watkins earned 500 total points
ID: 24101704
Group policy doesn't really work that way.  GPOs can be used to maps scripts which will give the users access to shares.  Permissions control access to those actual shares.
0
 
LVL 19

Author Comment

by:compdigit44
ID: 24101757
I know about the permission I'm referring to controlling there user enviroment
0
 
LVL 27

Expert Comment

by:Jason Watkins
ID: 24103121
What do you want to control? Older versions of Windows server cannot really prevent users from seeing items on the network, if it is set up correctly.  Are the users using a shared computer?  
0
 
LVL 19

Author Comment

by:compdigit44
ID: 24106148
I want to prevent these users from using network neighbor, mapping network drives...etc..
0
 
LVL 19

Author Comment

by:compdigit44
ID: 24163568
Surely Windows 2000 group policies can do something regarding this ... Please advise..
0

Featured Post

Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This article shows how to deploy dynamic backgrounds to computers depending on the aspect ratio of display
This article outlines the process to identify and resolve account lockout in an Active Directory environment.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question