Deny authentication for a user group

A

a8ap

Hello Folks,

I need urgent advice on any easy method to deny authentication for a
group of users, except for the purpose exchange email access.

Specifically, there is an EZproxy server where the domain user
authentication is triggered. I would like to deny that authentication
at the Active Directory for a particular group of users, without
disturbing any settings on the EZproxy.

Your help will be much appreciated. Thanks!
 
H

Herb Martin

Hello Folks,

I need urgent advice on any easy method to deny authentication for a
group of users, except for the purpose exchange email access.
Click to expand...

By definition "it" cannot be done. A group or user must be
AUTHENTICATED to be a 'user' or a member of a 'group'.
That is the definition of authentication.

You can however, deny access to anything you wish.

Remove the users from any undesirable groups -- perhaps
add them to another group (EmailOnly) and only grant access
to those things they need, while explicitly denying access
(if necessary) to other resources.
Specifically, there is an EZproxy server where the domain user
authentication is triggered. I would like to deny that authentication
at the Active Directory for a particular group of users, without
disturbing any settings on the EZproxy.
Click to expand...

Groups are defined for a user through authentication.
Your help will be much appreciated. Thanks!
Click to expand...

Don't grant access. And when necessary, deny access.
 
A

a8ap

Thanks.

ok, i got the point that groups cannot be used until the user is
authenticated.

What about at each user ID level. The proxy server trigger the
authentication process with AD, can something be done at the AD side to
stop or deny login for specific user(s) ?

Is there anywhere in the authentication process where i can intercept
and check, like a script?
 
R

rwh

You can set, in the users account, which computer they are allowed to
log onto. If you set that value to your OWA server, they will only be
able to access mail via OWA and will not be allowed to log onto any
other domain computer on your network.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Intercepting Authentication 1
asp.net windows authentication 3
Deny account operators from deleting users 1
window based authentication with members defined in a distribution list. 2
Forms Authentication for single directory 1
Deny specific user 4
Deny access this computer from network 1
Deny Read to Default Domain Security Policy 2

Top