Limit AD users login to a single application


    Hi everybody,
    I’m trying to find the best solution to a security concern. I’ll explain.
    Our Active Directory domain has a group of users who only need access from the internet to one or more applications (typically Exchange mailbox and/or SharePoint) and will never connect to the local network, authenticate on a domain computer, or access a file share.
    They will only need to log in to the applications, but since those apps need domain users, I have these accounts in AD and I want to limit them, based on the least privilege principle.
    The external users are the ones I have less control over, and I want their accounts to be completely useless if stolen, for anything other than logging on to those apps.

    I have considered using the “Log On to” feature in the account configuration, pointing to a single, disconnected computer, but it does not convince me.

    Do you have any suggestions? I think I’m not the first to have this concern, but I could not find any real answer on the forums.

    Thanks a lot!
