?
Solved

Isolating a server in a domain

Posted on 2009-07-14
7
Medium Priority
?
224 Views
Last Modified: 2012-05-07
I have an overseas vendor that I would like to allow access into our domain for code drops and pickups using VPN and keep them from seeing devices and have access to applications and data in the rest of the domain.

I am thinking of a stand alone server not joined to the domain.  Is this the only / best approach.
0
Comment
Question by:ITGIT
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 11

Expert Comment

by:loftyworm
ID: 24855367
Have you considered using IPSec?
deployed from GPO on the host or to the domain, either way it should work.
0
 
LVL 10

Expert Comment

by:remmett70
ID: 24855603
What does the vendor need to do?  Run applications on the one server or just move code in and out?  If they just need to move code and don't need desktop access or anything maybe access through FTP only.
0
 

Author Comment

by:ITGIT
ID: 24855878
Using SVN to check in and out code and if I add these folks to AD and give them VPN credentials they can easily browse and find shares and other non secure items on the network.

So I want to allow them to use SVN "subversion" and NOT see the network schtuffs
0
How Blockchain Is Impacting Every Industry

Blockchain expert Alex Tapscott talks to Acronis VP Frank Jablonski about this revolutionary technology and how it's making inroads into other industries and facets of everyday life.

 
LVL 2

Expert Comment

by:javiersantana
ID: 24856195
Just add that user account into a seperate OU. Make sure he isn't in any of the groups that are allowed to log on to computer via the network ( this should be under user rights assignment ) or interractively. If he needs to UNC into that one server for any reason, move that server into a seperate OU. Then create a gpo so that the group he is in is allowed to browse to the server.

Hope this makes sense.
0
 
LVL 2

Expert Comment

by:zorionterrell
ID: 24862185
If its only for Subversion then you dont even need to allow that person direct access to the box.
Get another IP from your ISP. Assign it as a Virtual IP on your Firewall. Setup NAT for web ports (or what ever ports you use) from the virtual IP to the Subversion box. Make sure you set the pass rules on your FW as well.

I have a setup like this running at our buisness for our programmer. On our web server we also created a virtual host (subv.company.com) with the DNS pointing to the Virtual IP.
0
 

Author Comment

by:ITGIT
ID: 24864287
zorionterrell:

So then I can join a new server that my PE team wants to use and own into the domain to make it easier to run other tools and apps like cruise control and jira and etc and then via my ASA I can use an external IP access rule and nat it to the box per FTP / WEB or whatever ports required.

The outside folks could then drop and retrieve code secure from our domain.
0
 
LVL 2

Accepted Solution

by:
zorionterrell earned 1000 total points
ID: 24864303
Correct. You limit what they can access to without exposing your entire network to net.
0

Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Suggested Courses

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question