Re: How To Restrict Single Domain User To One Server/Folder?

Hello Eric,

Nice to hear, you're welcome.

Best regards

myweb
Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.



Yep, that ole 'everyone' group will getcha. It works now. Thanks for
your help!

Eric

"myweb" wrote:

Hello Eric,

If your account can still browse the other folders check your NTFS
permissions
on the other folders and check the membership of your account. You
have to
deal with your permissions carefully. Don't give the everyone group
access
anywhere. Work with authenticated users and set only on your shares
the groups
that should have accesss to the specified folders. It will work if
you configure
it the right way.
Maybe explain a littlebit about your share and folder permissions.
That can
help, to give you the right configuration information.
Best regards

myweb
Disclaimer: This posting is provided "AS IS" with no warranties, and
confers
no rights.
Thanks for the reply. That's the method that I have used but when I
test the account, I can still browse and access other folders on the
other servers. It doesn't seem to "stick".

Another DC is on the way too. Thanks for the tip.

"myweb" wrote:

Hello Eric,

Create your account, create a group for e.g Temporary_Members, make
that account member of this group and give the group only the
rights the user should have on that specific folder. In the users
login script create the mapping to this folder and nothing more.
Thats all.

If you like to restrict this account also with more policies,
create a new OU and set a GPO for the accounts in this group.

For your domain it should be more secure, that you upgrade one of
your member servers also to a DC. But only if it is not an Exchange
server. Think about it for failover reasons of your
ActiveDirectory.

Best regards

myweb
Disclaimer: This posting is provided "AS IS" with no warranties,
and
confers
no rights.
I have three 2k3 servers, each with shared folders, one is a DC
and the others are member servers. I need to add a user account
for a temporary employee, however, I don't want this employee to
access ANYTHING other than one folder on one server. What is the
quickest method to lock this user account down to one folder on
one server?

Thanks!

Eric



.

Relevant Pages

  • Re: Security discussion regarding hubs, firewalls, anti-virus and
    ... User Account Control needs advanced customization features -- I have ... allowing blocking of 3rd party cookies and session cookies ... I tried to drag it to a folder on my links so I could access it ... I looked at the folder and I appear to have full rights. ...
    (microsoft.public.security)
  • Re: "Access is denied" trying to connect to IIS7 - any ideas?
    ... Now, if I look at the problematic site in the IIS management, I can click the "Basic settings" link, and the "Connect as" button shows me that I am connecting as myself. ... No, your account doesn't have full control on the folder it seems, which can be superseded by another account on the folder, like the Everyone group account doesn't have full control as an example that has superseded your user account rights. ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: The .DB files can not be deleted?
    ... You go to the folder off of Explore and to Properties, and with the Security tab enabled on the folder, you add your logged in user account to the folder and set permissions for your logged in account to Full permissions. ... If you are user/admin on the computer, then is some cases, Vista will not let you delete, because it is looking at your account as user, and it is looking at your account as admin. ... You don't have Full rights as user/admin on Vista like you have on XP. ...
    (microsoft.public.windows.vista.general)
  • Re: How To Restrict Single Domain User To One Server/Folder?
    ... "myweb" wrote: ... If your account can still browse the other folders check your NTFS permissions ... Maybe explain a littlebit about your share and folder permissions. ... your member servers also to a DC. ...
    (microsoft.public.windows.server.active_directory)
  • Re: IIS 6 & UNC Share Scurity Issue
    ... error to the folder that I have changed the rights on. ... The access is being denied is for the account rcareyad, ... have full NTFS right on the folder. ... I would think something to do with multiple authentication or ...
    (microsoft.public.inetserver.iis.security)
Loading