We help IT Professionals succeed at work.

Using Group Policy to restrict Authenticated User Access on Domain

Medium Priority
Last Modified: 2012-03-25

We are running a Windows 2003 SBS domain with about 50 users.  We now have a requirement to add a new AD user that will not have access to any of the normal Domain based file shares as all other authenticated users.  This new AD user will log onto our Windows 2008 R2 Terminal Server in order to launch a specific application.

How can we restrict this user so the account is restricted from accessing anything except for the application they need to run on the Terminal Server?

Thanks in advance -

Watch Question

Do this via GPO what you want is to create a Software restricition policy. see http://technet.microsoft.com/en-us/library/cc782792(v=ws.10).aspx 
Create a policy that only allows the one app that you want and then using filters apply it to your one user, or alternativley put them in a seperate ou and apply it to the ou. Use RSOP to ensure that you are applying it correctly and that it will be enforced on the terminal server.

Not overly difficult but can get confusing due to loopback policy that you may need to put in effect, it is hard to say without knowing what your other policies are and what the structure of your configuration is. you may want to read http://social.technet.microsoft.com/wiki/contents/articles/windows-server-understand-user-group-policy-loopback-processing-mode.aspx for info on loopback.


Explore More ContentExplore courses, solutions, and other research materials related to this topic.