Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

email

Posted on 2013-01-04
7
Medium Priority
?
277 Views
Last Modified: 2013-01-04
I am trying to set up an account that only has access to email. We do not want them to have access to anything else on our server. I am not sure how to do it.
Thank you
0
Comment
Question by:moses417
  • 3
  • 3
7 Comments
 
LVL 15

Expert Comment

by:jerseysam
ID: 38744046
Do not connect to domain, leave on workgroup.

Give them access to OWA via web
0
 

Author Comment

by:moses417
ID: 38744053
ok, what do i do if they have already been connected to the domain and i do not have access to their computer?
0
 
LVL 15

Expert Comment

by:jerseysam
ID: 38744073
You need to take them off the domain.

Otherwise, if you have access to the server you can change their user account rights.

ie take them out of all groups and just add mail rights.

If on domain they will still be able to browse though. Need to take off domain, turn off network discovery etc. Reduce user rights and give access to OWA via Internet.
0
Get Certified for a Job in Cybersecurity

Want an exciting career in an emerging field? Earn your MS in Cybersecurity and get certified in ethical hacking or computer forensic investigation. WGU’s MSCSIA degree program was designed to meet the most recent U.S. Department of Homeland Security (DHS) and NSA guidelines.  

 

Author Comment

by:moses417
ID: 38744102
I am sorry for all the probably basic questions but I am still learning. how do i turn off network discovery etc for the user? is it in Active Directory or somewhere else? I have removed all of the rights other then the default group permissions. should I create a new group that has no permissions? then assign that to them?
0
 
LVL 15

Expert Comment

by:jerseysam
ID: 38744141
Network discovery is if they are using Windows 7 (Control Panel and Advanced Network Options).

You nned to give them zero permissions basically. However, if they will still be logging into the Domain then they will need to be members of Domain Users etc, and this is where you may run into difficulty.

Basically if you dont want them to have any access to Domain info then you really have to take them off the domain. Otherwise you will have to start with zero permissions and begin adding them 1 at a time to allow the user to log in and get on the internet but nothing else.
0
 

Author Comment

by:moses417
ID: 38744167
so are you saying i need to take his computer off the domain or remove him from A.D.? or am i totally lost.
0
 
LVL 9

Accepted Solution

by:
tsaico earned 1000 total points
ID: 38744240
He is saying to take the computer account from the domain.  To some extent, it will be impossible to remove the computer if they are in the the same network as the server.  Even if you have the computer on a workgroup, you will have to setup something for him to print on eventually, and if you are running SBS, then he needs some resources for things like DNS, DHCP, etc.   Not to mention if he just types in the server name, like \\servername, then he will just be presented with credentials, and when he puts in his email one, it is one and the same, he gets in.

If you are just trying to protect the shares, then you can create a Deny group in AD, then add this Deny group to the shares/resources you want him out of.  Then add the user in this Deny group in AD.  Deny rights always take precedence to any allow.  If you put the computer name in it, then anyone who logs into the computer will not be able to get to the resources from that computer, if you put in the user name into the AD group, then that user cannot get in, regardless of where he logs in.  Plus if he changes, you can just remove him from the AD group and he will then have the same rights as the others on the network.

Keep in mind though, deny rights can play havoc if you are not careful.  that is why I suggest a AD group for deny, then add your users, so you can easily add them and remove them from the group.  Do not granularly add them, otherwise you will forget where the deny is.  This won't prevent your user from at least seeing resources, but it will keep him from printing, accessing shares, etc.
0

Featured Post

Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, we’ll look at how to deploy ProxySQL.
How to fix a SonicWall Gateway Anti-Virus firewall blocking automatic updates to apps like Windows, Adobe, Symantec, etc.
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
Suggested Courses

971 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question