This forum has migrated to Microsoft Q&A. Visit Microsoft Q&A to post new questions.

Remove From My Forums

restrict user from accessing the network

Question
0

Sign in to vote

Hi,

can i restrict a user that is member of domain users group to not accessing the resource on a specific server?

scenario - i have 3 server windows 2008 r2 (one is TS one is DC and one is FS )

can i restrict the user that he cannot do the \\ to the FS server?

THX

Wednesday, November 6, 2013 3:30 PM

Answers

0

Sign in to vote
The best approach would be to set up the file server shares with NTFS permissions that are based on group membership. Then, unless the user is a member of the appropriate groups (associated with the shares) - they will have access to nothing. If you give domain users read access, then all users will have access.

The other option is to go into each share and add the user to the permissions but then DENY them read/write access.

If you want to prevent them from even seeing the shares/folders when they navigate to \\FILESERVER , look into enabling ABE (Access Based Enumeration) - this will not let users even see any folders or shares that they do not permissions to see (assuming you have permissions set up correctly).
- Proposed as answer by Greg LindsayMicrosoft employee Tuesday, November 12, 2013 1:07 AM
- Marked as answer by Daniel JiSun Tuesday, November 12, 2013 8:13 AM
Wednesday, November 6, 2013 4:27 PM