I've been checking previous postings. We are opening up a sharepoint site for partner companies. Once they get to their site we don't want them on any other servers on the network.
I followed the info in previous postings and created a group called Computer_Deny, created a user and added them to that group. I created a GPO and linked it to the default domain with the user right deny access to this computer from the network enabled
and the Computer_Deny group added. Removed authenticated users from the filtering and added the Computer_Deny group.
did gpupdate /force
restarted an internal machine for testing. Logged on as the user I created, the user can't get to any server except the domain controller. What I'm not sure about....they need to authenticate with the DC, I believe, once they finish their HTTPS
entry and then need to get to the sharepoint server. If that is true, the authentication process has to happen on the DC. I would think the authentication process is different that a user trying to access a computer from the network. Am I
correct? Am I least moving in the right direction?
The user can still access the DC various ways i.e. run command, entire network but NOT via RDP since that right has not been granted. Some further research indicates that if
View Complete Post