restrict user from accessing the network RRS feed

  • Question

  • Hi,

    can i restrict a user that is member of domain users group to not accessing the resource on a specific server?

    scenario - i have 3 server windows 2008 r2 (one is TS one is DC and one is FS )

    can i restrict the user that he cannot do the \\ to the FS server?


    Wednesday, November 6, 2013 3:30 PM


  • The best approach would be to set up the file server shares with NTFS permissions that are based on group membership. Then, unless the user is a member of the appropriate groups (associated with the shares) - they will have access to nothing.  If you give domain users read access, then all users will have access.

    The other option is to go into each share and add the user to the permissions but then DENY them read/write access.

    If you want to prevent them from even seeing the shares/folders when they navigate to \\FILESERVER , look into enabling ABE (Access Based Enumeration) - this will not let users even see any folders or shares that they do not permissions to see (assuming you have permissions set up correctly).

    Wednesday, November 6, 2013 4:27 PM