Hi,
I'm looking for a way to restrict certain domain accounts (Domain Admins, Enterprise Admins, etc.) .
Is it possible in a Windows Active Directory environment
to allow certain AD user account to logon to AD only, if they are
coming (source IP) from a particular IP address/machine name. Or to
put it differently, I want Kerberos to issue tickets (TGTs, STs) for certain
accounts only, if the client issuing the authentication request is in
a particular IP/IP-band/machine name.
Maybe any third-party products that allow such settings?
Regards,
Michael