• Sign in to Neowin Faster!

    Create an account on Neowin to contribute and support the site.

  • 0
Sign in to follow this  

Restricting user accounts - temporarily

Question

Sulphy    1,461

Hey guys,

So i have an odd question. This is to affect thousands of accounts, so it should be easy to unpick. 

 

In a nutshell, I need to come up with a viable solution to lock down user accounts to only a couple of dedicated systems and web sites. ie email etc.

The users come in over VPN, and usually have loads of memberships in AD. I assume, that the user policies apply after the VPN has authenticated the user - am getting verification on that piece.

 

My thinking, was to inject an attribute to the AD accounts affected, and using MIM, find that attribute, and move the user to a new OU, that has disabled inheritance, with a unique policy applied that locks down certain apps from running, only allow a subset or URL's they can run, disable all network shares access etc.

 

Do you think this would work? 

 

OR

 

Does anyone maybe have a simpler process i can look into. Again, this is temporary, and need to be able to undo it easily.... we are talking around 22,000 accounts.

 

Appreciate any thoughts / ideas.

Share this post


Link to post
Share on other sites

0 answers to this question

Recommended Posts

There have been no answers to this question yet

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.