Solved

setting up a user on network to only be able to access one folder....

Posted on 2004-10-14
9
169 Views
Last Modified: 2010-04-10
Hi,

I am going blank on this one for some reason.  Here's the scenario:

I have a person that is on a different domain at another location, but we are all connected via a fiber ring, that this person would like to have access to our INTRANET site.  I can give him access to this, but I want to do it in a way that will not give him access to any other network resources.

So, I've setup a user and a group and made him a part of that group.  I was thinking I can make a group in AD that will only have access to this folder that contains our intranet page, that way if any others request this, I can just add them to the group as well.

Now, I need to know where I go to make it to where this group only has access to this folder?  Is this possible?  Thanks.

Mark
0
Comment
Question by:mark-wa
  • 3
  • 3
  • 2
  • +1
9 Comments
 
LVL 49

Accepted Solution

by:
sunray_2003 earned 500 total points
ID: 12310781
Mark

Just a thought

check if this would help

How To Configure User and Group Access on an Intranet in Windows NT 4.0 or Windows 2000
http://support.microsoft.com/default.aspx?scid=kb;en-us;q300985&sd=tech

Once you create a group, can you go and check here
right-click the folder
go to sharing and security
go to security
and click on Add , click object types and choose group, press advanced and press Find now to find the groups and then add..

Will this help
0
 
LVL 13

Author Comment

by:mark-wa
ID: 12310805
How are you doing Sunray?

Thanks for helping.  I think you might be right on the money with this.  I'll check it out and let you know.  Hope things are going well for you.

Mark
0
 
LVL 49

Expert Comment

by:sunray_2003
ID: 12310809
I am doing great.. Thanks for asking.. Post back how it goes

0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 
LVL 3

Expert Comment

by:_Jochen_
ID: 12310856
if you create a user/group for accessing the intranet, remove the User from the Domain Users Group and set a policy which denys this group to log on locally on a computer (for security reasons).
jo
0
 
LVL 13

Author Comment

by:mark-wa
ID: 12311503
Jochen, Where do you set this policy up at?

Do I do this throught Local Security Policy.msc on the Server that hosts the folder I want to grant access to?

Or do I go to the Domain Controller and use one of the following:

Security Policy.msc
Domain Security Policy.msc
Domain Controller Security Policy.msc

I have looked through all of these and don't see a place to enter a specific group to have rights to a specific folder, and only that folder for that matter.

I am thinking Sunray's idea might work for me in creating a local user on this server for this user, then they can at least authenticate to that server, but only as a local user with no network rights.  Then, create a group on that server and make him a member of that group and go into the Security settings for the particular folder and grant read only access rights to that folder for that group.  Does that make sense?  I actually currently have it setup that way, but haven't gotten a hold of this user to test.

But I would like to at least know how to do it this other way, using a group policy and such.

Thanks.

Mark
0
 
LVL 3

Expert Comment

by:_Jochen_
ID: 12311837
there is a local security policy on every client: Local policy -> User rights assignment -> Deny logon locally
add the group or user in there.
You have to do this o every client.
I think there is a Group Policy doing the same, but I do´nt know exactly where it is located.
0
 
LVL 3

Expert Comment

by:_anom_
ID: 12315796
No need to do that, just open up his account in active directory and go to the accounts tab, log on to... and dont allow him to login anywhere... i'd also remove him from your domain users group.

Cheers
0
 
LVL 13

Author Comment

by:mark-wa
ID: 12361695
Thank you all for your help.

What I ended up doing was I didn't even set him up with a Domain User Account.  I just setup a local user account on the Server and gave him limited permissions from there.  Then, when he would try to access the folder, it asks him for a username and password, in which he gives the username and password of the local account.  

Worked great!

Thanks again.

Mark
0
 
LVL 49

Expert Comment

by:sunray_2003
ID: 12361780
Thanks Mark

Appreciate it

SR
0

Featured Post

Connect further...control easier

With the ATEN CE624, you can now enjoy a high-quality visual experience powered by HDBaseT technology and the convenience of a single Cat6 cable to transmit uncompressed video with zero latency and multi-streaming for dual-view applications where remote access is required.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Data center, now-a-days, is referred as the home of all the advanced technologies. In-fact, most of the businesses are now establishing their entire organizational structure around the IT capabilities.
If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

807 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question