|
I need to get some
security advice with Sharepoint portal server / ISA Server / IIS Server.
The problem we’re trying to solve is actually for 2 similar scenarios,
but different applications. 1. We
have an internal IIS server that we need to open up to external clients.
Also, we need to use integrated security on the web due to back end DB
permissions etc – so basically, we need users in AD. We currently
handle this through ISA server and it works fine from a security
standpoint. The question is – now that we’re actually rolling
this app out to clients, I need to create users in our internal AD. I
have created a separate OU for these users and planned on locking them down via
Group Policy (in theory) so they could only get to the web app – and
nothing else on the network. But I don’t see anywhere in GPO where
this can be done, and even if I did I don’t think it will work because
these user are not really logging onto the domain, they are just passing a
valid username/password to get through the ISA server. GPO can’t do
anything to an Internet user… 2. Similar
problem but using Sharepoint Portal Server. We have the need for external
suppliers/clients to access Sharepoint but I need to lockdown their accounts in
AD so they can only access the Sharepoint resource and nothing else… Hope that makes sense
– I haven’t been able to find any information on-line about this
problem. Joe
Pelle Infrastructure Architect Information Technology Valassis / IT Tel 734.591.7324 Fax 734.632.6151 This message may have included
proprietary or protected information. This message and the information
contained herein are not to be further communicated without my express written
consent. |
