Solved

Using Group Policy to restrict Authenticated User Access on Domain

Posted on 2012-03-13
1
377 Views
Last Modified: 2012-03-25
Greetings,

We are running a Windows 2003 SBS domain with about 50 users.  We now have a requirement to add a new AD user that will not have access to any of the normal Domain based file shares as all other authenticated users.  This new AD user will log onto our Windows 2008 R2 Terminal Server in order to launch a specific application.

How can we restrict this user so the account is restricted from accessing anything except for the application they need to run on the Terminal Server?

Thanks in advance -

Dan
0
Comment
Question by:dmreid
1 Comment
 
LVL 18

Accepted Solution

by:
Andrew Davis earned 500 total points
ID: 37718757
Do this via GPO what you want is to create a Software restricition policy. see http://technet.microsoft.com/en-us/library/cc782792(v=ws.10).aspx 
Create a policy that only allows the one app that you want and then using filters apply it to your one user, or alternativley put them in a seperate ou and apply it to the ou. Use RSOP to ensure that you are applying it correctly and that it will be enforced on the terminal server.

Not overly difficult but can get confusing due to loopback policy that you may need to put in effect, it is hard to say without knowing what your other policies are and what the structure of your configuration is. you may want to read http://social.technet.microsoft.com/wiki/contents/articles/windows-server-understand-user-group-policy-loopback-processing-mode.aspx for info on loopback.

Cheers
Andrew
0

Featured Post

NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
INTRODUCTION The purpose of this document is to demonstrate the Installation and configuration of the Data Protection Manager product. Note that this demonstration was prepared on the basis of Windows OS is 2008 R2 and DPM 2010. DATA PROTECTI…
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …

930 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now