Re: removing user from domain users group doesn't help



Then consider either not giving domain users/users/everyone/authenticated
users permissions to any shares and instead giving permissions to the global
groups you want to have access, or giving the global group deny permissions to
the shares you don't want them to access, or the "deny access this computer
from the network" user right for computers you don't want them to access
shares on [other than domain controllers], which can easily be managed via
Group Policy. Every time a user is created for the domain, that user is
automatically added to the domain users group. --- Steve



"OM" <om@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:uBwTshhmGHA.660@xxxxxxxxxxxxxxxxxxxxxxx
Steven L Umbach wrote:
I do NOT recommend that you try to remove users from the domain users
group as a strategy to manage access to shares or any other reason.
Instead create global groups that contain the users that you want to
have access to each share and then grant those global groups permissions
to the shares and do not include users/domain
users/everyone/authenticated users in the access control list for share
permissions. -- Steve


"OM" <om@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:%23rOO4GwlGHA.4992@xxxxxxxxxxxxxxxxxxxxxxx
Hi,

I have a few shared folders on my w2k3 file server and most of them allow
read access for the domain users group.

I am trying to create a shared folder that only allows one group of
users to access. This group of users should have no access to other
shared folders. I created a new group and put all these users into the
group and removed the domain users group from the "member of" property
of these users. So all these users are only member of the newly created
group. However, they are still able to access the file on the shares
that have read access for domain users.

Can someone advise how I can change the ntfs/share permission so that I
achieve my goal accordingly?

Thanks

OM



If the users still belong to the domain user group, they would be able to
access other shares that have access permission assigned to domain user
group within the domain. I just want them to be able to access one single
folder only. Thanks
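
One way to find the shares that still grant access to the broad groups named in this thread, as an added example that is not part of the original posts. It assumes the SmbShare module (Windows Server 2012 or later, not the w2k3 server in the question) and is run on the file server; the function names are hypothetical.

```powershell
# Added example: list share ACL entries that allow access to broad principals.
# Assumption: SmbShare module is available (Windows Server 2012 or later).

# Well-known SIDs for the broad groups named in the thread.
$broadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}

function Resolve-AccountSid {
    param([string]$AccountName)
    try {
        $nt = New-Object System.Security.Principal.NTAccount($AccountName)
        $nt.Translate([System.Security.Principal.SecurityIdentifier]).Value
    } catch {
        $null   # account name could not be resolved (for example, deleted)
    }
}

function Get-BroadShareGrant {
    # -Special $false skips administrative shares such as C$, ADMIN$ and IPC$.
    Get-SmbShare -Special $false | ForEach-Object {
        $share = $_
        Get-SmbShareAccess -Name $share.Name |
            Where-Object { $_.AccessControlType -eq 'Allow' } |
            ForEach-Object {
                $sid = Resolve-AccountSid $_.AccountName
                # Domain Users is always RID 513 under the domain SID.
                $isDomainUsers = $sid -match '^S-1-5-21-(\d+-){3}513$'
                if ($sid -and ($broadSids.ContainsKey($sid) -or $isDomainUsers)) {
                    [pscustomobject]@{
                        Share   = $share.Name
                        Path    = $share.Path
                        Account = $_.AccountName
                        Right   = $_.AccessRight
                    }
                }
            }
    }
}

Get-BroadShareGrant | Sort-Object Share, Account | Format-Table -AutoSize
```

Each row is a share permission entry to replace with a purpose-built global group. The script reads share permissions only; NTFS permissions on the folders need a separate check.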

