• 0

Restricting user accounts - temporarily



Hey guys,

So i have an odd question. This is to affect thousands of accounts, so it should be easy to unpick. 


In a nutshell, I need to come up with a viable solution to lock down user accounts to only a couple of dedicated systems and web sites. ie email etc.

The users come in over VPN, and usually have loads of memberships in AD. I assume, that the user policies apply after the VPN has authenticated the user - am getting verification on that piece.


My thinking, was to inject an attribute to the AD accounts affected, and using MIM, find that attribute, and move the user to a new OU, that has disabled inheritance, with a unique policy applied that locks down certain apps from running, only allow a subset or URL's they can run, disable all network shares access etc.


Do you think this would work? 




Does anyone maybe have a simpler process i can look into. Again, this is temporary, and need to be able to undo it easily.... we are talking around 22,000 accounts.


Appreciate any thoughts / ideas.

Link to comment
Share on other sites

0 answers to this question

Recommended Posts

There have been no answers to this question yet

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    • No registered users viewing this page.