Re: removing user from domain users group doesn't help

I do NOT recommend that you try to remove users from the domain users group
as a strategy to manage access to shares or any other reason. Instead create
global groups that contains the users that you want to have access to each
share and then grant those global groups permissions to the shares and do
not include users/domain users/everyone/authenticated users in the access
control list for share permissions. -- Steve


"OM" <om@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:%23rOO4GwlGHA.4992@xxxxxxxxxxxxxxxxxxxxxxx
Hi,

I have few shared folders on my w2k3 file server and most of them allow
read access for the domain users group.

I am trying to create a shared folder that only allows one group of users
to access. This group of users should has no access to other shared
folders. I created a new group and put all these users onto the group and
removed the domain users group from the "member of" property of these
users. So all these users are only member of the newly created group.
However, they are still able to access the file on the shares that have
read access for domain users.

Can someone advice how I can change the ntfs/share permission so that I
achieve my goal accordingly?

Thanks

OM


.

Relevant Pages

  • Re: removing user from domain users group doesnt help
    ... Instead create global groups that contains the users that you want to have access to each share and then grant those global groups permissions to the shares and do not include users/domain users/everyone/authenticated users in the access control list for share permissions. ... I have few shared folders on my w2k3 file server and most of them allow read access for the domain users group. ... I created a new group and put all these users onto the group and removed the domain users group from the "member of" property of these users. ...
    (microsoft.public.windows.server.security)
  • Re: removing user from domain users group doesnt help
    ... user permissions to any shares and instead give permissions to the global groups you want to have access or give the global group deny permissions to the shares you don't want them to access or deny access this computer from the network user right for computers you don't want them to access shares on which can easily be managed via Group Policy. ... I have few shared folders on my w2k3 file server and most of them allow read access for the domain users group. ...
    (microsoft.public.windows.server.security)
  • Re: Windows XP and Group Policy Preferences
    ... as part of audit request we were not allowed to have EVERYONE group on ... any shares. ... the print$ share on our print server has only domain users group ... when using GPP with computer policy it uses machine account. ...
    (microsoft.public.windows.group_policy)
  • Re: removing user from domain users group doesnt help
    ... user permissions to any shares and instead give permissions to the global ... the shares you don't want them to access or deny access this computer from ... to the shares and do not include users/domain ... I have few shared folders on my w2k3 file server and most of them allow ...
    (microsoft.public.windows.server.security)
  • Re: ActiveDirectoryMembershipProvider woes
    ... Is the Domain Users group part of the Pre-Win2K compat access group? ... In many cases permissions are delegated to the Pre-Win2K group but in some domains the Domain Users group is not included in this group so normal users only end up getting the permissions that are delegated to Authenticated Users instead. ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ...
    (microsoft.public.dotnet.framework.aspnet.security)