Restrict logon from non-domain machine to only one user
Posted on 2013-10-30
We have a customer with several Windows XP machines and 2 Windows 2008 servers.
The customer has his own LAN with his own domain, let's say customer.domain, and GPOs in place, and everything works fine.
This customer has to work from some computers that belong neither to his domain nor to his LAN. These new computers belong to another domain, let's say external.domain, and we can't modify anything on them. These computers are shared with a lot of people from different companies.
Customer.domain and external.domain are in the same building, so we set up a FO link between our firewalls and opened some ports to allow logon from external.domain machines to customer.domain so that they can access the shared resources of customer.domain from external.domain. Again, everything is working fine. Now comes the issue.
In our customer.domain there are some users with extremely simple passwords, something like 123456, and forcing them to change the passwords is not an option.
We'd like to restrict the login from external.domain to customer.domain to only one user, who will have a complicated password. Also, we'd like this user to auto-disconnect every 60 minutes so that they need to retype the password to gain access to customer.domain.
Is there a way to set up something like this?