Solved

setting up a user on network to only be able to access one folder....

Posted on 2004-10-14
9
166 Views
Last Modified: 2010-04-10
Hi,

I am going blank on this one for some reason.  Here's the scenario:

I have a person that is on a different domain at another location, but we are all connected via a fiber ring, that this person would like to have access to our INTRANET site.  I can give him access to this, but I want to do it in a way that will not give him access to any other network resources.

So, I've setup a user and a group and made him a part of that group.  I was thinking I can make a group in AD that will only have access to this folder that contains our intranet page, that way if any others request this, I can just add them to the group as well.

Now, I need to know where I go to make it to where this group only has access to this folder?  Is this possible?  Thanks.

Mark
0
Comment
Question by:mark-wa
  • 3
  • 3
  • 2
  • +1
9 Comments
 
LVL 49

Accepted Solution

by:
sunray_2003 earned 500 total points
ID: 12310781
Mark

Just a thought

check if this would help

How To Configure User and Group Access on an Intranet in Windows NT 4.0 or Windows 2000
http://support.microsoft.com/default.aspx?scid=kb;en-us;q300985&sd=tech

Once you create a group, can you go and check here
right-click the folder
go to sharing and security
go to security
and click on Add , click object types and choose group, press advanced and press Find now to find the groups and then add..

Will this help
0
 
LVL 13

Author Comment

by:mark-wa
ID: 12310805
How are you doing Sunray?

Thanks for helping.  I think you might be right on the money with this.  I'll check it out and let you know.  Hope things are going well for you.

Mark
0
 
LVL 49

Expert Comment

by:sunray_2003
ID: 12310809
I am doing great.. Thanks for asking.. Post back how it goes

0
 
LVL 3

Expert Comment

by:_Jochen_
ID: 12310856
if you create a user/group for accessing the intranet, remove the User from the Domain Users Group and set a policy which denys this group to log on locally on a computer (for security reasons).
jo
0
Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

 
LVL 13

Author Comment

by:mark-wa
ID: 12311503
Jochen, Where do you set this policy up at?

Do I do this throught Local Security Policy.msc on the Server that hosts the folder I want to grant access to?

Or do I go to the Domain Controller and use one of the following:

Security Policy.msc
Domain Security Policy.msc
Domain Controller Security Policy.msc

I have looked through all of these and don't see a place to enter a specific group to have rights to a specific folder, and only that folder for that matter.

I am thinking Sunray's idea might work for me in creating a local user on this server for this user, then they can at least authenticate to that server, but only as a local user with no network rights.  Then, create a group on that server and make him a member of that group and go into the Security settings for the particular folder and grant read only access rights to that folder for that group.  Does that make sense?  I actually currently have it setup that way, but haven't gotten a hold of this user to test.

But I would like to at least know how to do it this other way, using a group policy and such.

Thanks.

Mark
0
 
LVL 3

Expert Comment

by:_Jochen_
ID: 12311837
there is a local security policy on every client: Local policy -> User rights assignment -> Deny logon locally
add the group or user in there.
You have to do this o every client.
I think there is a Group Policy doing the same, but I do´nt know exactly where it is located.
0
 
LVL 3

Expert Comment

by:_anom_
ID: 12315796
No need to do that, just open up his account in active directory and go to the accounts tab, log on to... and dont allow him to login anywhere... i'd also remove him from your domain users group.

Cheers
0
 
LVL 13

Author Comment

by:mark-wa
ID: 12361695
Thank you all for your help.

What I ended up doing was I didn't even set him up with a Domain User Account.  I just setup a local user account on the Server and gave him limited permissions from there.  Then, when he would try to access the folder, it asks him for a username and password, in which he gives the username and password of the local account.  

Worked great!

Thanks again.

Mark
0
 
LVL 49

Expert Comment

by:sunray_2003
ID: 12361780
Thanks Mark

Appreciate it

SR
0

Featured Post

New My Cloud Pro Series - organize everything!

With space to keep virtually everything, the My Cloud Pro Series offers your team the network storage to edit, save and share production files from anywhere with an internet connection. Compatible with both Mac and PC, you're able to protect your content regardless of OS.

Join & Write a Comment

What is IRC? IRC (Internet Relay Chat) is a form of communication between multiple users. It is available freely to anyone with inernet access. IRC is a great way to communicate with others e.g. There is an IRC channel for Ubuntu Linux, which is fo…
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now