0
votes

We have recently installed TFS 2010. Our Active Directory users (i.e. my company's staff) can access it just fine.

However, we also have contractors working in the office who do not have an AD account. I am having difficulty trying to get the non-AD users to connect to TFS through Visual Studio. The contractors are on the same LAN but have no AD account, which we do to restrict access to other resources on the network.

I created local Windows user accounts on the server for the contractors. With the local account they can access the TFS web front end but still cannot connect through Visual Studio.

Is there any way to do this? Do the contractors need to have Remote Desktop access to the server itself?

2
I found that I can get this working without using AD for contractors. Add the users as local Windows accounts with the "Access this computer from the network" option enabled in Local Security Policy > Local Policies > User Rights Assignment. - rf_wilson
Our organisation was unwilling to give AD access to external staff due to security considerations. - rf_wilson

2 Answers

3
votes

You should definitely give your contractors AD accounts. If you want to restrict access to internal resources, you can use Organisational Units in AD, like

  • MyCompany
    • Employees
    • Contractors

And set access restrictions to your resources according to groups linked to the OUs.

Giving remote access to the server will just create another set of issues.
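
The OU and group layout this answer describes, sketched in PowerShell as an added example (not code from the answer's author). The group name `TFS-Contractors`, the account `contractor1` and the 90-day expiry are assumptions; permissions are granted to the security group, because an OU itself cannot appear in an access control list.

```powershell
# Requires the ActiveDirectory module (RSAT). All names are constructed placeholders.
Import-Module ActiveDirectory

$domainDn = (Get-ADDomain).DistinguishedName
$rootOu   = "OU=MyCompany,$domainDn"

# OU layout from the answer: MyCompany > Employees / Contractors
New-ADOrganizationalUnit -Name 'MyCompany' -Path $domainDn
foreach ($name in 'Employees', 'Contractors') {
    New-ADOrganizationalUnit -Name $name -Path $rootOu
}

# Security group that carries the contractors' permissions (assumed name).
New-ADGroup -Name 'TFS-Contractors' -SamAccountName 'TFS-Contractors' `
    -GroupScope Global -GroupCategory Security `
    -Path "OU=Contractors,$rootOu"

# One account per contractor, with an expiry so access lapses with the contract.
$password = Read-Host -AsSecureString -Prompt 'Initial password for contractor1'
New-ADUser -Name 'Contractor One' -SamAccountName 'contractor1' `
    -Path "OU=Contractors,$rootOu" `
    -AccountPassword $password -ChangePasswordAtLogon $true `
    -AccountExpirationDate (Get-Date).AddDays(90) -Enabled $true

Add-ADGroupMember -Identity 'TFS-Contractors' -Members 'contractor1'

# Periodic review: who is in the group, and when does each account expire?
Get-ADGroupMember -Identity 'TFS-Contractors' |
    Get-ADUser -Properties AccountExpirationDate |
    Select-Object SamAccountName, Enabled, AccountExpirationDate
```

The group is then the only principal added to the TFS project, and it is left out of (or explicitly denied on) the file shares and other internal resources the contractors should not reach.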

-1
votes

When you install a non-Express version of TFS, you need an AD for authentication; you can't properly use the TFS server from a non-AD account.

From this point you have two solutions:

  1. Create an AD account for contractors (one per company or one per user, your call).
  2. Create a domain Trust between your domain and the contractor's one. See this documentation for more info.

I don't clearly understand the Remote Desktop part; please explain.