Create read-only user in AD that cannot connect to any shares
Posted on 2014-01-30
We are working with a vendor that hosts SharePoint. We are planning to set up a one-way trust from our domain (with an IPsec tunnel), so that our users can authenticate to the hosted SharePoint site. I have to share a domain user name and password with the vendor to complete the AD integration.
My concern is that this user will be part of the Domain Users group, have visibility to the shares on the network, and the third-party vendor will know the password.
Is there a way to set up a user in AD that is read-only and cannot hit any of the shares on the network? Would I have to go to each server providing network resources and deny this one user access to the drives on the server?
Thank you in advance