Solved

Using Group Policy to restrict Authenticated User Access on Domain

Posted on 2012-03-13
1
380 Views
Last Modified: 2012-03-25
Greetings,

We are running a Windows 2003 SBS domain with about 50 users.  We now have a requirement to add a new AD user that will not have access to any of the normal Domain based file shares as all other authenticated users.  This new AD user will log onto our Windows 2008 R2 Terminal Server in order to launch a specific application.

How can we restrict this user so the account is restricted from accessing anything except for the application they need to run on the Terminal Server?

Thanks in advance -

Dan
0
Comment
Question by:dmreid
1 Comment
 
LVL 18

Accepted Solution

by:
Andrew Davis earned 500 total points
ID: 37718757
Do this via GPO what you want is to create a Software restricition policy. see http://technet.microsoft.com/en-us/library/cc782792(v=ws.10).aspx 
Create a policy that only allows the one app that you want and then using filters apply it to your one user, or alternativley put them in a seperate ou and apply it to the ou. Use RSOP to ensure that you are applying it correctly and that it will be enforced on the terminal server.

Not overly difficult but can get confusing due to loopback policy that you may need to put in effect, it is hard to say without knowing what your other policies are and what the structure of your configuration is. you may want to read http://social.technet.microsoft.com/wiki/contents/articles/windows-server-understand-user-group-policy-loopback-processing-mode.aspx for info on loopback.

Cheers
Andrew
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
INTRODUCTION The purpose of this document is to demonstrate the Installation and configuration of the Data Protection Manager product. Note that this demonstration was prepared on the basis of Windows OS is 2008 R2 and DPM 2010. DATA PROTECTI…
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question