Solved

email

Posted on 2013-01-04
7
268 Views
Last Modified: 2013-01-04
I am trying to set up an account that only has access to email. We do not want them to have access to anything else on our server. I am not sure how to do it.
Thank you
0
Comment
Question by:moses417
  • 3
  • 3
7 Comments
 
LVL 15

Expert Comment

by:jerseysam
ID: 38744046
Do not connect to domain, leave on workgroup.

Give them access to OWA via web
0
 

Author Comment

by:moses417
ID: 38744053
ok, what do i do if they have already been connected to the domain and i do not have access to their computer?
0
 
LVL 15

Expert Comment

by:jerseysam
ID: 38744073
You need to take them off the domain.

Otherwise, if you have access to the server you can change their user account rights.

ie take them out of all groups and just add mail rights.

If on domain they will still be able to browse though. Need to take off domain, turn off network discovery etc. Reduce user rights and give access to OWA via Internet.
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 

Author Comment

by:moses417
ID: 38744102
I am sorry for all the probably basic questions but I am still learning. how do i turn off network discovery etc for the user? is it in Active Directory or somewhere else? I have removed all of the rights other then the default group permissions. should I create a new group that has no permissions? then assign that to them?
0
 
LVL 15

Expert Comment

by:jerseysam
ID: 38744141
Network discovery is if they are using Windows 7 (Control Panel and Advanced Network Options).

You nned to give them zero permissions basically. However, if they will still be logging into the Domain then they will need to be members of Domain Users etc, and this is where you may run into difficulty.

Basically if you dont want them to have any access to Domain info then you really have to take them off the domain. Otherwise you will have to start with zero permissions and begin adding them 1 at a time to allow the user to log in and get on the internet but nothing else.
0
 

Author Comment

by:moses417
ID: 38744167
so are you saying i need to take his computer off the domain or remove him from A.D.? or am i totally lost.
0
 
LVL 9

Accepted Solution

by:
tsaico earned 250 total points
ID: 38744240
He is saying to take the computer account from the domain.  To some extent, it will be impossible to remove the computer if they are in the the same network as the server.  Even if you have the computer on a workgroup, you will have to setup something for him to print on eventually, and if you are running SBS, then he needs some resources for things like DNS, DHCP, etc.   Not to mention if he just types in the server name, like \\servername, then he will just be presented with credentials, and when he puts in his email one, it is one and the same, he gets in.

If you are just trying to protect the shares, then you can create a Deny group in AD, then add this Deny group to the shares/resources you want him out of.  Then add the user in this Deny group in AD.  Deny rights always take precedence to any allow.  If you put the computer name in it, then anyone who logs into the computer will not be able to get to the resources from that computer, if you put in the user name into the AD group, then that user cannot get in, regardless of where he logs in.  Plus if he changes, you can just remove him from the AD group and he will then have the same rights as the others on the network.

Keep in mind though, deny rights can play havoc if you are not careful.  that is why I suggest a AD group for deny, then add your users, so you can easily add them and remove them from the group.  Do not granularly add them, otherwise you will forget where the deny is.  This won't prevent your user from at least seeing resources, but it will keep him from printing, accessing shares, etc.
0

Featured Post

Networking for the Cloud Era

Join Microsoft and Riverbed for a discussion and demonstration of enhancements to SteelConnect:
-One-click orchestration and cloud connectivity in Azure environments
-Tight integration of SD-WAN and WAN optimization capabilities
-Scalability and resiliency equal to a data center

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Find out what you should include to make the best professional email signature for your organization.
How to resolve IMCEAEX NDRs in Exchange or Exchange Online related to invalid X500 addresses.
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …
CodeTwo Sync for iCloud (http://www.codetwo.com/sync-for-icloud?sts=6554) automatically synchronizes your Outlook 2016, 2013, 2010 or 2007 folders with iCloud folders available via iCloud Control Panel. This lets you automatically sync them with…

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question