setting up a user on network to only be able to access one folder....


I am going blank on this one for some reason.  Here's the scenario:

I have a person that is on a different domain at another location, but we are all connected via a fiber ring, that this person would like to have access to our INTRANET site.  I can give him access to this, but I want to do it in a way that will not give him access to any other network resources.

So, I've setup a user and a group and made him a part of that group.  I was thinking I can make a group in AD that will only have access to this folder that contains our intranet page, that way if any others request this, I can just add them to the group as well.

Now, I need to know where I go to make it to where this group only has access to this folder?  Is this possible?  Thanks.

LVL 13
Who is Participating?
sunray_2003Connect With a Mentor Commented:

Just a thought

check if this would help

How To Configure User and Group Access on an Intranet in Windows NT 4.0 or Windows 2000;en-us;q300985&sd=tech

Once you create a group, can you go and check here
right-click the folder
go to sharing and security
go to security
and click on Add , click object types and choose group, press advanced and press Find now to find the groups and then add..

Will this help
mark-waAuthor Commented:
How are you doing Sunray?

Thanks for helping.  I think you might be right on the money with this.  I'll check it out and let you know.  Hope things are going well for you.

I am doing great.. Thanks for asking.. Post back how it goes

Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

if you create a user/group for accessing the intranet, remove the User from the Domain Users Group and set a policy which denys this group to log on locally on a computer (for security reasons).
mark-waAuthor Commented:
Jochen, Where do you set this policy up at?

Do I do this throught Local Security Policy.msc on the Server that hosts the folder I want to grant access to?

Or do I go to the Domain Controller and use one of the following:

Security Policy.msc
Domain Security Policy.msc
Domain Controller Security Policy.msc

I have looked through all of these and don't see a place to enter a specific group to have rights to a specific folder, and only that folder for that matter.

I am thinking Sunray's idea might work for me in creating a local user on this server for this user, then they can at least authenticate to that server, but only as a local user with no network rights.  Then, create a group on that server and make him a member of that group and go into the Security settings for the particular folder and grant read only access rights to that folder for that group.  Does that make sense?  I actually currently have it setup that way, but haven't gotten a hold of this user to test.

But I would like to at least know how to do it this other way, using a group policy and such.


there is a local security policy on every client: Local policy -> User rights assignment -> Deny logon locally
add the group or user in there.
You have to do this o every client.
I think there is a Group Policy doing the same, but I do´nt know exactly where it is located.
No need to do that, just open up his account in active directory and go to the accounts tab, log on to... and dont allow him to login anywhere... i'd also remove him from your domain users group.

mark-waAuthor Commented:
Thank you all for your help.

What I ended up doing was I didn't even set him up with a Domain User Account.  I just setup a local user account on the Server and gave him limited permissions from there.  Then, when he would try to access the folder, it asks him for a username and password, in which he gives the username and password of the local account.  

Worked great!

Thanks again.

Thanks Mark

Appreciate it

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.