[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

setting up a user on network to only be able to access one folder....

Posted on 2004-10-14
9
Medium Priority
?
175 Views
Last Modified: 2010-04-10
Hi,

I am going blank on this one for some reason.  Here's the scenario:

I have a person that is on a different domain at another location, but we are all connected via a fiber ring, that this person would like to have access to our INTRANET site.  I can give him access to this, but I want to do it in a way that will not give him access to any other network resources.

So, I've setup a user and a group and made him a part of that group.  I was thinking I can make a group in AD that will only have access to this folder that contains our intranet page, that way if any others request this, I can just add them to the group as well.

Now, I need to know where I go to make it to where this group only has access to this folder?  Is this possible?  Thanks.

Mark
0
Comment
Question by:mark-wa
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 2
  • +1
9 Comments
 
LVL 49

Accepted Solution

by:
sunray_2003 earned 2000 total points
ID: 12310781
Mark

Just a thought

check if this would help

How To Configure User and Group Access on an Intranet in Windows NT 4.0 or Windows 2000
http://support.microsoft.com/default.aspx?scid=kb;en-us;q300985&sd=tech

Once you create a group, can you go and check here
right-click the folder
go to sharing and security
go to security
and click on Add , click object types and choose group, press advanced and press Find now to find the groups and then add..

Will this help
0
 
LVL 13

Author Comment

by:mark-wa
ID: 12310805
How are you doing Sunray?

Thanks for helping.  I think you might be right on the money with this.  I'll check it out and let you know.  Hope things are going well for you.

Mark
0
 
LVL 49

Expert Comment

by:sunray_2003
ID: 12310809
I am doing great.. Thanks for asking.. Post back how it goes

0
Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

 
LVL 3

Expert Comment

by:_Jochen_
ID: 12310856
if you create a user/group for accessing the intranet, remove the User from the Domain Users Group and set a policy which denys this group to log on locally on a computer (for security reasons).
jo
0
 
LVL 13

Author Comment

by:mark-wa
ID: 12311503
Jochen, Where do you set this policy up at?

Do I do this throught Local Security Policy.msc on the Server that hosts the folder I want to grant access to?

Or do I go to the Domain Controller and use one of the following:

Security Policy.msc
Domain Security Policy.msc
Domain Controller Security Policy.msc

I have looked through all of these and don't see a place to enter a specific group to have rights to a specific folder, and only that folder for that matter.

I am thinking Sunray's idea might work for me in creating a local user on this server for this user, then they can at least authenticate to that server, but only as a local user with no network rights.  Then, create a group on that server and make him a member of that group and go into the Security settings for the particular folder and grant read only access rights to that folder for that group.  Does that make sense?  I actually currently have it setup that way, but haven't gotten a hold of this user to test.

But I would like to at least know how to do it this other way, using a group policy and such.

Thanks.

Mark
0
 
LVL 3

Expert Comment

by:_Jochen_
ID: 12311837
there is a local security policy on every client: Local policy -> User rights assignment -> Deny logon locally
add the group or user in there.
You have to do this o every client.
I think there is a Group Policy doing the same, but I do´nt know exactly where it is located.
0
 
LVL 3

Expert Comment

by:_anom_
ID: 12315796
No need to do that, just open up his account in active directory and go to the accounts tab, log on to... and dont allow him to login anywhere... i'd also remove him from your domain users group.

Cheers
0
 
LVL 13

Author Comment

by:mark-wa
ID: 12361695
Thank you all for your help.

What I ended up doing was I didn't even set him up with a Domain User Account.  I just setup a local user account on the Server and gave him limited permissions from there.  Then, when he would try to access the folder, it asks him for a username and password, in which he gives the username and password of the local account.  

Worked great!

Thanks again.

Mark
0
 
LVL 49

Expert Comment

by:sunray_2003
ID: 12361780
Thanks Mark

Appreciate it

SR
0

Featured Post

Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When you try to share a printer , you may receive one of the following error messages. Error message when you use the Add Printer Wizard to share a printer: Windows could not share your printer. Operation could not be completed (Error 0x000006…
This article will inform Clients about common and important expectations from the freelancers (Experts) who are looking at your Gig.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
Suggested Courses

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question