I'm certain I'm being a bit thick here, but how can I use Group Policy to restrict access for a user (although there will be more than one user eventually, probably in a group) to a single server.
This is the senario. They will be accessing our network over a vpn connection and I want to deny them access to all machines within our domain (servers and PC's) except 1 member server and preferably to a single directory on that server. What I don't want is for them (once they connect to the server) to be able to then browse randomnly through the rest of the network.
The second problem is that the server in question, unfortunately, was set up to allow users access to almost all of the server directories by default. This isn't my most pressing concern at the moment though. I really need initially to lock them down to just the one server and I'm staring at group policy, having never really looked at it before as we just left GPO's alone when we set up AD, with no idea where to start. I've seen plenty of info on how to prevent them accessing 1 machine but I don't fancy going round to over 200 and setting deny rights on each of them through local policy.
Can anyone help me? Thanks
This is the senario. They will be accessing our network over a vpn connection and I want to deny them access to all machines within our domain (servers and PC's) except 1 member server and preferably to a single directory on that server. What I don't want is for them (once they connect to the server) to be able to then browse randomnly through the rest of the network.
The second problem is that the server in question, unfortunately, was set up to allow users access to almost all of the server directories by default. This isn't my most pressing concern at the moment though. I really need initially to lock them down to just the one server and I'm staring at group policy, having never really looked at it before as we just left GPO's alone when we set up AD, with no idea where to start. I've seen plenty of info on how to prevent them accessing 1 machine but I don't fancy going round to over 200 and setting deny rights on each of them through local policy.
Can anyone help me? Thanks