Solved

email

Posted on 2013-01-04
7
272 Views
Last Modified: 2013-01-04
I am trying to set up an account that only has access to email. We do not want them to have access to anything else on our server. I am not sure how to do it.
Thank you
0
Comment
Question by:moses417
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
7 Comments
 
LVL 15

Expert Comment

by:jerseysam
ID: 38744046
Do not connect to domain, leave on workgroup.

Give them access to OWA via web
0
 

Author Comment

by:moses417
ID: 38744053
ok, what do i do if they have already been connected to the domain and i do not have access to their computer?
0
 
LVL 15

Expert Comment

by:jerseysam
ID: 38744073
You need to take them off the domain.

Otherwise, if you have access to the server you can change their user account rights.

ie take them out of all groups and just add mail rights.

If on domain they will still be able to browse though. Need to take off domain, turn off network discovery etc. Reduce user rights and give access to OWA via Internet.
0
U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

 

Author Comment

by:moses417
ID: 38744102
I am sorry for all the probably basic questions but I am still learning. how do i turn off network discovery etc for the user? is it in Active Directory or somewhere else? I have removed all of the rights other then the default group permissions. should I create a new group that has no permissions? then assign that to them?
0
 
LVL 15

Expert Comment

by:jerseysam
ID: 38744141
Network discovery is if they are using Windows 7 (Control Panel and Advanced Network Options).

You nned to give them zero permissions basically. However, if they will still be logging into the Domain then they will need to be members of Domain Users etc, and this is where you may run into difficulty.

Basically if you dont want them to have any access to Domain info then you really have to take them off the domain. Otherwise you will have to start with zero permissions and begin adding them 1 at a time to allow the user to log in and get on the internet but nothing else.
0
 

Author Comment

by:moses417
ID: 38744167
so are you saying i need to take his computer off the domain or remove him from A.D.? or am i totally lost.
0
 
LVL 9

Accepted Solution

by:
tsaico earned 250 total points
ID: 38744240
He is saying to take the computer account from the domain.  To some extent, it will be impossible to remove the computer if they are in the the same network as the server.  Even if you have the computer on a workgroup, you will have to setup something for him to print on eventually, and if you are running SBS, then he needs some resources for things like DNS, DHCP, etc.   Not to mention if he just types in the server name, like \\servername, then he will just be presented with credentials, and when he puts in his email one, it is one and the same, he gets in.

If you are just trying to protect the shares, then you can create a Deny group in AD, then add this Deny group to the shares/resources you want him out of.  Then add the user in this Deny group in AD.  Deny rights always take precedence to any allow.  If you put the computer name in it, then anyone who logs into the computer will not be able to get to the resources from that computer, if you put in the user name into the AD group, then that user cannot get in, regardless of where he logs in.  Plus if he changes, you can just remove him from the AD group and he will then have the same rights as the others on the network.

Keep in mind though, deny rights can play havoc if you are not careful.  that is why I suggest a AD group for deny, then add your users, so you can easily add them and remove them from the group.  Do not granularly add them, otherwise you will forget where the deny is.  This won't prevent your user from at least seeing resources, but it will keep him from printing, accessing shares, etc.
0

Featured Post

Portable, direct connect server access

The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Large Outlook files lead to various unwanted errors and corruption issues. Furthermore, large outlook files can also make Outlook take longer to start-up, search, navigate, and shut-down. So, In this article, i will discuss a method to make your Out…
In this article I discuss my selections of the Top Four free Outlook OST File Viewers available. Open, view and read even damaged OST files by using these tools. They all provide a clear preview of all data such as emails, notes, tasks, calendars, e…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

632 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question