Securing a single domain user account to just one website and no network / local drive access

I have a customer who has requested that we create a domain guest account. This account is to have access to just ONE website (which should load upon default). The same user account must not be able to access any resources either on the network or the local machine that (s)he logs in to.

This account should be able to log on to any domain attached computer.

All machines have IE on them, and some have additional browsers, so I need to ensure that this one URL is the only one available to this one user regardless of the browser being used.

The domain is 2012-based, and there is a hardware-based firewall (Watchguard XTM515) in place which is configured to restrict / allow internet access based on IP address - not on users.
Chris Millard Asked:

Alessandro Scafaria, Infrastructure Premier Field Administrator, Commented:
You should deploy the Watchguard SSO agent in your AD environment in order to double authenticate AD users in the network...

http://www.jarofrant.com/watchguard-sso-part-1/

http://www.jarofrant.com/watchguard-sso-part-2/

http://www.jarofrant.com/watchguard-sso-made-simpleer-part-3/

Enabling this feature, you may do basically whatever you want in your AD environment....

I hope this helps.....let us know your thoughts....

Chris Millard, Author, Commented:
That's the ticket! I was unaware of the requirement for the SSO Gateway (and client). I've had a case open with Watchguard for weeks, and they never mentioned this.

To be fair, I never read the documentation either :-/

Question has a verified solution.
