Posted by S. Pidgorny on June 29, 2008, 4:06 am
Generally a computer doesn't have to be a member of the domain for the users
to have access to domain resources (I can map drives on Windows server from
my Linux system, for example).
But in your scenario, in the end, you'll have to provide them with either a
domain account, or its credentials. ACLs on the resources and perhaps a
firewall will give you enough control. You can create a GPO with a security
policy that will disallow those external users from logging on interactively or
via the network to any other computers.
--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-
* http://sl.mvps.org * http://msmvps.com/blogs/sp *
> The server is hosting access for another company and I don't want the
> possibility of them accessing anything except the two servers in question. I
> would feel more comfortable if they were just local server accounts and not
> Domain accounts, but I'm not sure how you could give a local server user
> account access to a domain server when that server is not part of the
> domain.
>
> "S. Pidgorny <MVP>" wrote:
>
>> Why not add the server to your domain? That gives you functionality to
>> have the required access restrictions...
>>
>> --
>> Svyatoslav Pidgorny, MS MVP - Security, MCSE
>> -= F1 is the key =-
>>
>> * http://sl.mvps.org * http://msmvps.com/blogs/sp *
>>
>>
>> > I need to set up a 2003 Terminal Server for an outside agency. This server
>> > needs to access our TS License Server and another stand alone server within
>> > our domain. I don't want to add the server to our domain or create a new
>> > domain for it. If I make the admin password the same as our domain admin
>> > password it works okay but I also get more access to the domain than I want.
>> > What would be best practice for getting this single isolated server limited
>> > access to only these two servers within the domain?
>>
>>
>>
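
One way to check that the deny-logon policy suggested in the reply at the top of this thread actually reached a given computer, as an added example that is not part of the original posts. It reads the `[Privilege Rights]` section of a user-rights export such as `secedit /export` produces; the group name `EXAMPLE\ExternalAgency` and the sample export are constructed, and the Terminal Services deny right is checked in addition to the two logon types the reply names.

```python
"""Audit exported user-rights text for deny-logon rights (added example)."""

# Deny-logon user rights as they appear in a Windows security template.
DENY_RIGHTS = (
    "SeDenyInteractiveLogonRight",        # Deny log on locally
    "SeDenyNetworkLogonRight",            # Deny access to this computer from the network
    "SeDenyRemoteInteractiveLogonRight",  # Deny log on through Terminal Services
)

def parse_privilege_rights(inf_text):
    """Return {right: [principals]} from the [Privilege Rights] section."""
    rights, in_section = {}, False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # skip blanks and comments
            continue
        if line.startswith("["):                  # section header
            in_section = line.lower() == "[privilege rights]"
            continue
        if in_section and "=" in line:
            name, _, value = line.partition("=")
            # Exports prefix SIDs with '*'; strip it so SIDs compare cleanly.
            rights[name.strip()] = [p.strip().lstrip("*")
                                    for p in value.split(",") if p.strip()]
    return rights

def missing_denies(inf_text, principal):
    """List the deny-logon rights that do NOT name the principal.

    Matching is case-insensitive. If the export lists the group by SID,
    pass the SID string instead of the name.
    """
    rights = parse_privilege_rights(inf_text)
    want = principal.lower()
    return [r for r in DENY_RIGHTS
            if want not in (p.lower() for p in rights.get(r, []))]

# Constructed sample export from a server the external users must not reach.
# EXAMPLE\ExternalAgency is a hypothetical group holding their accounts.
OTHER_SERVER = """[Unicode]
Unicode=yes
[Privilege Rights]
SeNetworkLogonRight = *S-1-5-32-544,*S-1-5-11
SeDenyNetworkLogonRight = Guest,EXAMPLE\\ExternalAgency
SeDenyInteractiveLogonRight = EXAMPLE\\ExternalAgency
"""

if __name__ == "__main__":
    print(missing_denies(OTHER_SERVER, "EXAMPLE\\ExternalAgency"))
```

An empty list means the group is denied all three logon types on that computer; the two servers the external users are meant to reach should be left out of the policy's scope.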