Mark Minasi's Tech Forum
Register Calendar Latest Topics Chat
 
 
 


Reply
  Author   Comment  
nikolas.e

Senior Member
Registered:
Posts: 111
Reply with quote  #1 
We have been asked to create 2 user accounts in AD so this users will vpn only through cisco device and access only a subfolder currently having data  in our network.

I have created 2 domain users added them to a new group called vpn_users, set the vpn_users group as their primary group and removed them from domain users group(I removed them because every other folder has domain users granted permissions).  I have setup the shared and ntfs permissions and tested it. This 2 users can access only that folder and denied permissions for the other folders.

I guess i could have add the vpn_group to the other folders that i do not want them to have access and deny permissions for that folders only to them.

My question is since this 2 users will only vpn to access that folder and nothing else does setting a different group as their primary and removing them from the domain users group will by any chance affect anything else?

__________________
Just call me the 1000Questionsguy
0
wkasdo

Avatar / Picture

Administrator
Registered:
Posts: 183
Reply with quote  #2 
> does setting a different group as their primary and removing them from the domain users group will by any chance affect anything else?

Cross-forest operations are much more difficult, but otherwise I guess you'll be ok.

__________________
[MSFT]; Blog: https://blogs.technet.microsoft.com/389thoughts/
0
nikolas.e

Senior Member
Registered:
Posts: 111
Reply with quote  #3 
Thank you Willem for the answer. Much appreciated
__________________
Just call me the 1000Questionsguy
0
Previous Topic | Next Topic
Print
Reply

Quick Navigation: