Deny authentication for a user group


a8ap

Hello Folks,

I need urgent advice on any easy method to deny authentication for a
group of users, except for the purpose of Exchange email access.

Specifically, there is an EZproxy server where the domain user
authentication is triggered. I would like to deny that authentication
at the Active Directory for a particular group of users, without
disturbing any settings on the EZproxy.

Your help will be much appreciated. Thanks!
 
> Hello Folks,
>
> I need urgent advice on any easy method to deny authentication for a
> group of users, except for the purpose of Exchange email access.

By definition "it" cannot be done. A group or user must be
AUTHENTICATED to be a 'user' or a member of a 'group'.
That is the definition of authentication.

You can, however, deny access to anything you wish.

Remove the users from any undesirable groups -- perhaps
add them to another group (EmailOnly) and only grant access
to those things they need, while explicitly denying access
(if necessary) to other resources.

> Specifically, there is an EZproxy server where the domain user
> authentication is triggered. I would like to deny that authentication
> at the Active Directory for a particular group of users, without
> disturbing any settings on the EZproxy.

Groups are defined for a user through authentication.

> Your help will be much appreciated. Thanks!

Don't grant access. And when necessary, deny access.
 
Thanks.

OK, I got the point that groups cannot be used until the user is
authenticated.

What about at each user ID level? The proxy server triggers the
authentication process with AD, can something be done at the AD side to
stop or deny login for specific user(s)?

Is there anywhere in the authentication process where I can intercept
and check, like a script?
 
You can set, in the user's account, which computers they are allowed to
log on to. If you set that value to your OWA server, they will only be
able to access mail via OWA and will not be allowed to log on to any
other domain computer on your network.
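
The account-level restriction described in the reply above, applied to every member of a group, as an added example that is not part of the original thread. It assumes the ActiveDirectory PowerShell module; `EmailOnly` is the group name suggested earlier in the thread and `OWA01` is a placeholder for the OWA server's computer name.

```powershell
#Requires -Modules ActiveDirectory
# Added example: limit every user in a group to logging on only to the listed computers.
# 'EmailOnly' comes from the thread; 'OWA01' is a placeholder computer name.
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$GroupName = 'EmailOnly',
    [string[]]$AllowedComputers = @('OWA01')
)

# LogonWorkstations is stored as one comma-separated string (the userWorkstations attribute).
$allowed = ($AllowedComputers | ForEach-Object { $_.Trim() } | Where-Object { $_ }) -join ','
if (-not $allowed) {
    # Refuse to write an empty list: an unset attribute means "all computers".
    throw 'AllowedComputers is empty; nothing to restrict to.'
}

# Expand nested groups and keep only user objects.
$members = Get-ADGroupMember -Identity $GroupName -Recursive |
    Where-Object { $_.objectClass -eq 'user' }

$report = foreach ($m in $members) {
    $user   = Get-ADUser -Identity $m.distinguishedName -Properties LogonWorkstations
    $before = $user.LogonWorkstations

    # Only touch accounts that differ; honours -WhatIf and -Confirm.
    if ($before -ne $allowed -and
        $PSCmdlet.ShouldProcess($user.SamAccountName, "Set LogonWorkstations to '$allowed'")) {
        Set-ADUser -Identity $user -LogonWorkstations $allowed
    }

    # Re-read the account so the report shows what is actually stored in AD.
    $after = (Get-ADUser -Identity $user -Properties LogonWorkstations).LogonWorkstations
    [pscustomobject]@{
        User       = $user.SamAccountName
        Before     = $before
        After      = $after
        Restricted = ($after -eq $allowed)
    }
}

$report | Format-Table -AutoSize
```

Run it with `-WhatIf` first to see which accounts would change, and test one account against the proxy before applying it to the whole group.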
 