Domain Account - severely restrict

[jenlion]

Hello,

I'm creating a webservice for a customer. I have a small problem - prefer that a domain account be used to authenticate users before the access this service, but they don't have anything suitable in their domain.

Seems to me that a domain user that isn't given access to anything except the directory in question would work, but turns out their setup allows a bit too much internally by default.

Is there any simple way to add a new domain user and restrict it from *everything* by default, and then add the specific directory?

Unfortunately, local account on webserver doesn't work. Looks like it has to be a domain account, or I need to redo the auth on the service, which is a pain. I've been out of domain admin for a few years now, and I don't know if there's a simple way to do this. They're on server 2003.

Thanks!

 

[MakeItSo]

The simple way would be to
[ul]
[li]create the user,[/li]
[li]create a new security group (e.g. "WSUser"), [/li]
[li]add the new user to this group,[/li]
[li]make it his primary group,[/li]
[li]remove him from the group "domain users",[/li]
[li]give the group "WSUser" permission for the desired folder[/li]
[/ul]
That should exclude him from the "normal" folders.


[navy]"We had to turn off that service to comply with the CDA Bill."[/navy]
- The Bastard Operator From Hell