?
Solved

setting up a user on network to only be able to access one folder....

Posted on 2004-10-14
9
Medium Priority
?
173 Views
Last Modified: 2010-04-10
Hi,

I am going blank on this one for some reason.  Here's the scenario:

I have a person that is on a different domain at another location, but we are all connected via a fiber ring, that this person would like to have access to our INTRANET site.  I can give him access to this, but I want to do it in a way that will not give him access to any other network resources.

So, I've setup a user and a group and made him a part of that group.  I was thinking I can make a group in AD that will only have access to this folder that contains our intranet page, that way if any others request this, I can just add them to the group as well.

Now, I need to know where I go to make it to where this group only has access to this folder?  Is this possible?  Thanks.

Mark
0
Comment
Question by:mark-wa
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 2
  • +1
9 Comments
 
LVL 49

Accepted Solution

by:
sunray_2003 earned 2000 total points
ID: 12310781
Mark

Just a thought

check if this would help

How To Configure User and Group Access on an Intranet in Windows NT 4.0 or Windows 2000
http://support.microsoft.com/default.aspx?scid=kb;en-us;q300985&sd=tech

Once you create a group, can you go and check here
right-click the folder
go to sharing and security
go to security
and click on Add , click object types and choose group, press advanced and press Find now to find the groups and then add..

Will this help
0
 
LVL 13

Author Comment

by:mark-wa
ID: 12310805
How are you doing Sunray?

Thanks for helping.  I think you might be right on the money with this.  I'll check it out and let you know.  Hope things are going well for you.

Mark
0
 
LVL 49

Expert Comment

by:sunray_2003
ID: 12310809
I am doing great.. Thanks for asking.. Post back how it goes

0
Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

 
LVL 3

Expert Comment

by:_Jochen_
ID: 12310856
if you create a user/group for accessing the intranet, remove the User from the Domain Users Group and set a policy which denys this group to log on locally on a computer (for security reasons).
jo
0
 
LVL 13

Author Comment

by:mark-wa
ID: 12311503
Jochen, Where do you set this policy up at?

Do I do this throught Local Security Policy.msc on the Server that hosts the folder I want to grant access to?

Or do I go to the Domain Controller and use one of the following:

Security Policy.msc
Domain Security Policy.msc
Domain Controller Security Policy.msc

I have looked through all of these and don't see a place to enter a specific group to have rights to a specific folder, and only that folder for that matter.

I am thinking Sunray's idea might work for me in creating a local user on this server for this user, then they can at least authenticate to that server, but only as a local user with no network rights.  Then, create a group on that server and make him a member of that group and go into the Security settings for the particular folder and grant read only access rights to that folder for that group.  Does that make sense?  I actually currently have it setup that way, but haven't gotten a hold of this user to test.

But I would like to at least know how to do it this other way, using a group policy and such.

Thanks.

Mark
0
 
LVL 3

Expert Comment

by:_Jochen_
ID: 12311837
there is a local security policy on every client: Local policy -> User rights assignment -> Deny logon locally
add the group or user in there.
You have to do this o every client.
I think there is a Group Policy doing the same, but I do´nt know exactly where it is located.
0
 
LVL 3

Expert Comment

by:_anom_
ID: 12315796
No need to do that, just open up his account in active directory and go to the accounts tab, log on to... and dont allow him to login anywhere... i'd also remove him from your domain users group.

Cheers
0
 
LVL 13

Author Comment

by:mark-wa
ID: 12361695
Thank you all for your help.

What I ended up doing was I didn't even set him up with a Domain User Account.  I just setup a local user account on the Server and gave him limited permissions from there.  Then, when he would try to access the folder, it asks him for a username and password, in which he gives the username and password of the local account.  

Worked great!

Thanks again.

Mark
0
 
LVL 49

Expert Comment

by:sunray_2003
ID: 12361780
Thanks Mark

Appreciate it

SR
0

Featured Post

Veeam Task Manager for Hyper-V

Task Manager for Hyper-V provides critical information that allows you to monitor Hyper-V performance by displaying real-time views of CPU and memory at the individual VM-level, so you can quickly identify which VMs are using host resources.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Short answer to this question: there is no effective WiFi manager in iOS devices as seen in Windows WiFi or Macbook OSx WiFi management, but this article will try and provide some amicable solutions to better suite your needs.
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …
Suggested Courses

800 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question