I am setting up an AD environment for the first time and using GPO to create the environment I want. Most of the configuration with respect to computers seems pretty straight forward but I am having difficulty understanding exactly how to accomplish a few security related issues. If someone could help me with the following examples it will help me get a feel for the structure.
I have created an OU that has several computers in it. These computers are similar to but not quite like a kiosk. They act as terminals where one application is running most of the time. I would like to have two user accounts that can access
these terminals (but not any other terminals on the domain). The first user I would like to be very limited (i.e. only run programs already installed) with one exception - they need to be able to change/update the system clock. The second account
I would like to be part of the local administrators group on all the computers in the OU but not be able to access/log into any of the other computers on the domain. On the local computer they should be able to perform any tasks.
The second issue concerns the LDAP and access. We have several firewalls that run IPSEC tunnels back to our HQ. The firewalls have the ability to access the LDAP to authorize SSL VPN users. How do I create a set of credentials Username/PW that allows the firewall access to the LDAP but little else? Additionally, I don't want all users in the AD to be able to have VPN access. How do I select/manage a subset so they have access?
Thanks for the help