Step 1: Creating the Security Group

Updated: December 7, 2009

Applies To: Windows 7, Windows Server 2008, Windows Server 2008 R2, Windows Vista

In this step, you create a security group in Active Directory. This group will be referenced by your firewall rule in a later step to control which users can access the server.


Although this guide only demonstrates server isolation by using user accounts, a very similar process can be followed to restrict access from only authorized computers. To restrict access by either, you must use an authentication method that includes the appropriate credentials. In the previous section on domain isolation, you created a rule that requests both user and computer authentication using Kerberos V5, which is perfect for our purposes in this section on server isolation.

To create a security group

  1. On DC1, click Start, click Administrative Tools, and then click Server Manager.

  2. In the navigation pane, expand Roles, expand Active Directory Domain Services, expand Active Directory Users and Computers, expand, right-click Users, click New, and then click Group.

  3. In the New Object - Group dialog box, in the Group name text box, type Authorized to Access MBRSVR1, and then click OK.

  4. Leave Server Manager running with the Computers container shown in the results pane.

Do not add any users to the group yet.

Next topic: Step 2: Modifying a Firewall Rule to Require Group Membership and Encryption