How can I restrict a user (in the development domain) to allow them to VPN into a domain, yet not use Windows Terminal Services to any server in that domain? I need for them to be able to run a client-side Java application (Quest Spotlight, actually) that will connect using Windows Auth to a single production server and display data coming from that production server via the Java GUI interface in the client app. Ideally I'd like to limit them to the single server in production, period. Vendor says to set up the domains in a trust relationship, like that's going to happen.

A: 

They have to authenticate to the production domain, so just make sure they're in a group in that domain that does not have remote login rights on any system in the production domain.

Jim Garrison
Moreover, in the domain user account properties you can change the "Log on to..." option so that the account only has rights to the target computer.
ewall
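
The two suggestions above (a group with no remote login rights, plus the "Log on to..." restriction) can be scripted and audited as follows. This is an added example, not part of either answer; it assumes the ActiveDirectory PowerShell module run against the production domain, and the account, server, group, and OU names are placeholders.

```powershell
Import-Module ActiveDirectory

# Placeholder values (assumptions, not taken from the original post)
$User      = 'spotlight.user'
$Server    = 'PRODSQL01'                         # the single production server
$GroupName = 'Spotlight-Monitor-Only'
$GroupPath = 'OU=Groups,DC=prod,DC=example,DC=com'
# Groups that grant Remote Desktop logon in this domain (site-specific list)
$RdpGroups = @('Domain Admins', 'Remote Desktop Users')

# 1. Dedicated group for the account. Keep this group out of every
#    "Allow log on through Remote Desktop Services" assignment.
if (-not (Get-ADGroup -Filter "Name -eq '$GroupName'")) {
    New-ADGroup -Name $GroupName -GroupScope Global `
                -GroupCategory Security -Path $GroupPath
}

# 2. The "Log on to..." setting from the account properties dialog:
#    a comma-separated list of computers the account may log on to.
Set-ADUser -Identity $User -LogonWorkstations $Server

# 3. Audit: resolve direct and nested group membership with the
#    LDAP_MATCHING_RULE_IN_CHAIN matching rule (OID 1.2.840.113556.1.4.1941).
$account = Get-ADUser -Identity $User -Properties LogonWorkstations
$dn      = $account.DistinguishedName
$groups  = Get-ADGroup -LDAPFilter "(member:1.2.840.113556.1.4.1941:=$dn)" |
           Select-Object -ExpandProperty Name

# Add to the dedicated group only if not already a member.
if ($groups -notcontains $GroupName) {
    Add-ADGroupMember -Identity $GroupName -Members $User
}

# Flag any membership that would grant Remote Desktop logon.
$risky = @($groups | Where-Object { $RdpGroups -contains $_ })

[pscustomobject]@{
    User             = $account.SamAccountName
    LogonWorkstations = $account.LogonWorkstations
    RdpGrantingGroups = $risky -join ', '
    Compliant        = ($risky.Count -eq 0) -and
                       ($account.LogonWorkstations -eq $Server)
}
```

After applying the restriction, confirm from the VPN client that the Spotlight connection still authenticates to the production server.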