locked
MOSS 2007 how to deny access to some group of users RRS feed

  • Question

  • Hi All,

    We have a situation with permissions needed to be resolved.

    There is a MOSS 2007 farm used by people from 2 trusted domains for 2 years.

    We need to deny access to people from a trusted domain, but we know only those who must access our Portal (less part of this domain).

    Please help to accomplish such an exclusion.

    Sunday, December 11, 2011 10:42 PM

Answers

  • You should always use the opposite approach: only allow those users which should be allowed to access the server and not vice versa.

    I assume you have currently assigned the authenticated users or domain users group to your sharepoint groups. Instead you should add those people or groups which should be allowed to access SharePoint.

    All other users will automatically be denied.


    Stefan Goßner
    Senior Escalation Engineer - Microsoft CSS
    This post is provided "AS IS" with no warrenties and confers no rights.


    Stefan,

    I understand this approach but the farm is configured already. Lots of site collections and sites with inherited and individual permissions.

    We don't have it configured on the Web App level, but on site collections and sites level we may have exactly written (nt authority\authenticated users or Trusted_Domain\Domain Users), it can be included on libraries, items level as well. Or even if a user who now must be rejected ic configured directly on the site level to have Read Access.

    Perhaps it can be a script to go thru the farm and delete such permission records.

    Monday, December 12, 2011 7:33 AM

All replies

  • You should always use the opposite approach: only allow those users which should be allowed to access the server and not vice versa.

    I assume you have currently assigned the authenticated users or domain users group to your sharepoint groups. Instead you should add those people or groups which should be allowed to access SharePoint.

    All other users will automatically be denied.


    Stefan Goßner
    Senior Escalation Engineer - Microsoft CSS
    This post is provided "AS IS" with no warrenties and confers no rights.
    Sunday, December 11, 2011 11:17 PM
  • You should always use the opposite approach: only allow those users which should be allowed to access the server and not vice versa.

    I assume you have currently assigned the authenticated users or domain users group to your sharepoint groups. Instead you should add those people or groups which should be allowed to access SharePoint.

    All other users will automatically be denied.


    Stefan Goßner
    Senior Escalation Engineer - Microsoft CSS
    This post is provided "AS IS" with no warrenties and confers no rights.


    Stefan,

    I understand this approach but the farm is configured already. Lots of site collections and sites with inherited and individual permissions.

    We don't have it configured on the Web App level, but on site collections and sites level we may have exactly written (nt authority\authenticated users or Trusted_Domain\Domain Users), it can be included on libraries, items level as well. Or even if a user who now must be rejected ic configured directly on the site level to have Read Access.

    Perhaps it can be a script to go thru the farm and delete such permission records.

    Monday, December 12, 2011 7:33 AM