Sulphy
Posted April 1, 2020

Hey guys,

So I have an odd question. This is to affect thousands of accounts, so it should be easy to unpick.

In a nutshell, I need to come up with a viable solution to lock down user accounts to only a couple of dedicated systems and web sites, i.e. email etc. The users come in over VPN, and usually have loads of memberships in AD. I assume that the user policies apply after the VPN has authenticated the user - am getting verification on that piece.

My thinking was to inject an attribute to the AD accounts affected, and using MIM, find that attribute, and move the user to a new OU that has disabled inheritance, with a unique policy applied that locks down certain apps from running, only allow a subset of URLs they can run, disable all network share access etc.

Do you think this would work? Or does anyone maybe have a simpler process I can look into?

Again, this is temporary, and need to be able to undo it easily... We are talking around 22,000 accounts.

Appreciate any thoughts / ideas.
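A sketch of the flag-and-move step described in the post, with the rollback record the "undo it easily" requirement needs. This is an added example, not code from the thread; it uses the ActiveDirectory PowerShell module in place of MIM, and the marker attribute, its value, the OU path and the CSV path are all assumed names. The restricted OU and its policy are assumed to exist already.

```powershell
# Added example. Every name in the four variables below is an assumption.
Import-Module ActiveDirectory

$MarkerAttr  = 'extensionAttribute10'             # assumed flag attribute (must exist in the schema)
$MarkerValue = 'LOCKDOWN'                         # assumed flag value
$TargetOU    = 'OU=Restricted,DC=example,DC=com'  # assumed OU with inheritance blocked
$UndoLog     = '.\lockdown-undo.csv'              # rollback record written before each move

function Move-FlaggedUsers {
    [CmdletBinding(SupportsShouldProcess)]
    param()
    $filter = '({0}={1})' -f $MarkerAttr, $MarkerValue
    foreach ($u in Get-ADUser -LDAPFilter $filter) {
        # Parent container = DN minus its first RDN (split on the first unescaped comma)
        $parent = ($u.DistinguishedName -split '(?<!\\),', 2)[1]
        if ($parent -eq $TargetOU) { continue }   # already moved; keeps reruns idempotent
        if ($PSCmdlet.ShouldProcess($u.SamAccountName, "Move to $TargetOU")) {
            # Key the record on ObjectGUID: the DN changes as soon as the object moves
            [pscustomobject]@{
                ObjectGUID     = $u.ObjectGUID
                SamAccountName = $u.SamAccountName
                OriginalOU     = $parent
            } | Export-Csv -Path $UndoLog -Append -NoTypeInformation
            Move-ADObject -Identity $u.ObjectGUID -TargetPath $TargetOU
        }
    }
}

function Restore-FlaggedUsers {
    [CmdletBinding(SupportsShouldProcess)]
    param()
    foreach ($row in Import-Csv -Path $UndoLog) {
        if ($PSCmdlet.ShouldProcess($row.SamAccountName, "Move back to $($row.OriginalOU)")) {
            Move-ADObject -Identity $row.ObjectGUID -TargetPath $row.OriginalOU
        }
    }
}

Move-FlaggedUsers -WhatIf   # dry run: lists the moves without making them
```

Run `Move-FlaggedUsers` without `-WhatIf` to apply, and `Restore-FlaggedUsers` to return each account to the OU recorded in the CSV.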