Question
Sulphy
Hey guys,
So I have an odd question. This is to affect thousands of accounts, so it should be easy to unpick.
In a nutshell, I need to come up with a viable solution to lock down user accounts to only a couple of dedicated systems and web sites, i.e. email etc.
The users come in over VPN, and usually have loads of memberships in AD. I assume that the user policies apply after the VPN has authenticated the user - am getting verification on that piece.
My thinking was to inject an attribute into the AD accounts affected and, using MIM, find that attribute and move the user to a new OU that has disabled inheritance, with a unique policy applied that locks down certain apps from running, only allows a subset of URLs they can run, disables all network share access, etc.
Do you think this would work?
OR
Does anyone maybe have a simpler process I can look into? Again, this is temporary, and I need to be able to undo it easily... we are talking around 22,000 accounts.
Appreciate any thoughts / ideas.
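A sketch of the tag, move and undo steps described in the post, added here as an example and not part of the original question. It uses the ActiveDirectory PowerShell module directly instead of MIM, and the attribute names, marker value and OU path are all assumptions.

```powershell
# Added example; every name in this block is an assumption, not from the post.
Import-Module ActiveDirectory

$TagAttr    = 'extensionAttribute10'           # hypothetical: marks affected accounts
$TagValue   = 'LOCKDOWN'                       # hypothetical marker value
$OriginAttr = 'extensionAttribute11'           # hypothetical: remembers the original OU
$TargetOU   = 'OU=Lockdown,DC=example,DC=com'  # placeholder DN of the restricted OU

function Get-ParentDn {
    param([Parameter(Mandatory)][string]$DistinguishedName)
    # Drop the leading RDN; the lookbehind skips escaped commas ("CN=Doe\, Jane,OU=...").
    ($DistinguishedName -split '(?<!\\),', 2)[1]
}

function Move-ToLockdown {
    [CmdletBinding(SupportsShouldProcess)]
    param()
    Get-ADUser -LDAPFilter "($TagAttr=$TagValue)" | ForEach-Object {
        $parent = Get-ParentDn $_.DistinguishedName
        if ($parent -eq $TargetOU) { return }   # already moved; keep the saved origin
        # Save the origin first, so a failed move never leaves an untracked account.
        Set-ADUser -Identity $_.ObjectGUID -Replace @{ $OriginAttr = $parent } -WhatIf:$WhatIfPreference
        Move-ADObject -Identity $_.ObjectGUID -TargetPath $TargetOU -WhatIf:$WhatIfPreference
    }
}

function Undo-Lockdown {
    [CmdletBinding(SupportsShouldProcess)]
    param()
    # Only accounts with a recorded origin are touched, so the undo is self-describing.
    Get-ADUser -SearchBase $TargetOU -SearchScope OneLevel -LDAPFilter "($OriginAttr=*)" -Properties $OriginAttr |
        ForEach-Object {
            Move-ADObject -Identity $_.ObjectGUID -TargetPath $_.$OriginAttr -WhatIf:$WhatIfPreference
            Set-ADUser -Identity $_.ObjectGUID -Clear $OriginAttr, $TagAttr -WhatIf:$WhatIfPreference
        }
}

# Dry run first, then for real:
#   Move-ToLockdown -WhatIf
#   Move-ToLockdown
# Roll back:
#   Undo-Lockdown
```

Because the rollback trusts the saved DN, the attribute holding it should be writable only by the account that runs the script.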