• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 386
  • Last Modified:

Using Group Policy to restrict Authenticated User Access on Domain

Greetings,

We are running a Windows 2003 SBS domain with about 50 users.  We now have a requirement to add a new AD user that will not have access to any of the normal Domain based file shares as all other authenticated users.  This new AD user will log onto our Windows 2008 R2 Terminal Server in order to launch a specific application.

How can we restrict this user so the account is restricted from accessing anything except for the application they need to run on the Terminal Server?

Thanks in advance -

Dan
0
dmreid
Asked:
dmreid
1 Solution
 
Andrew DavisManagerCommented:
Do this via GPO what you want is to create a Software restricition policy. see http://technet.microsoft.com/en-us/library/cc782792(v=ws.10).aspx 
Create a policy that only allows the one app that you want and then using filters apply it to your one user, or alternativley put them in a seperate ou and apply it to the ou. Use RSOP to ensure that you are applying it correctly and that it will be enforced on the terminal server.

Not overly difficult but can get confusing due to loopback policy that you may need to put in effect, it is hard to say without knowing what your other policies are and what the structure of your configuration is. you may want to read http://social.technet.microsoft.com/wiki/contents/articles/windows-server-understand-user-group-policy-loopback-processing-mode.aspx for info on loopback.

Cheers
Andrew
0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now