restric access to certain folders from terminal server
My company recently signed an agreement with one of our customers saying that we will not work on any of their classified documents outside of our office. Users are allowed to access these files from their work computers, but I need to restrict access to these files when they are logged into the terminal server. I was hoping that I could simply add the terminal server's computer account to the NTFS permissions for the customer's various directories and set deny all for that computer account. I have learned that NTFS permission can only be set for user accounts. Is their any easy way to do this other than to create a separate terminal server login for each user? We have a Server 2003 domain, with a 2003 file server and 2003 terminal server.
Solution: restric access to certain folders from terminal server
There may be better options, but the only one I could come up with is: -using a loopback GPO for the terminal servers, configure logon & logoff scripts -have the scripts add/remove people from AD groups -deny rights to the appropriate folders using the groups