How to create a domain account with access to only 1 folder that is able to log on via RDP?
There are 3 file servers on Windows Server 2008 R2 (domain). We need to give an employee of a third-party organization access to a specific folder (D:\Program files\SOFT\) on each file server under one account. Employees will connect using RDP to upload several MB of data, run a (specified) .exe file, and log off.
The option of prescribing NTFS deny rules for each directory, in addition, how will the user, I don't like.
First, as already noted in the comments: terminal servers, do you have them?
Or how is RDP organised overall?
I.e., will he go to every server separately via RDP? Just from outside? Or maybe you have AD Federation Services set up?
Maybe there is a need to implement a claims-provider trust and a relying-party trust?
Or Dynamic Access Control with a user claim is applicable here.
Access to the folder - OK. With what permissions?
And at what integrity level does this "EXE" run? I.e., there may be different dependencies and requirements for the program in terms of permissions on directories and so on? And then privilege escalation cannot be avoided.