Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

how to limit active dir user to access to one only folder with server 2003

Posted on 2011-03-25
8
Medium Priority
?
383 Views
Last Modified: 2012-05-11
I have about ten users on a doamin and the server is maily just file and domain server. Im using logmein so as users can acess a shared folder. I have one user though whom i wish to restict to that folder only. I want it so that when he logs on to the server with his domain credentials through lmi. the desktop only shows that folder and no other. I dont want him to see any other folderr or drives --not c drive , not  program files etc -- just the one shared folder. Any ideas anyone and thanks in advance.
0
Comment
Question by:LeighJor
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 10

Assisted Solution

by:Muzafar Momin
Muzafar Momin earned 640 total points
ID: 35213571
you will need to setup seperate group policy for him for hidding the drive and folder and setup login script to map the only folder that you want him to see
0
 

Author Comment

by:LeighJor
ID: 35213664
whereabouts  can i set up group policy
0
 
LVL 32

Assisted Solution

by:nappy_d
nappy_d earned 640 total points
ID: 35213889
You can hide drives via a GPO but you cannot hide folders.

To restrict directory access, you need to use NTFS permissions.
0
Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 

Author Comment

by:LeighJor
ID: 35213943
Thanks nappy_d but how and where do i find GPO. I can restrict his access to directories and folders ok it is mainly the c: drive i want to hide
0
 
LVL 11

Accepted Solution

by:
TheGorby earned 720 total points
ID: 35214936
Why do they need to actually log onto the server using LMI? Couldn't you just share the one folder he needs access to and map a drive to it on his own computer?
0
 

Author Comment

by:LeighJor
ID: 35220023
No TheGorby its a large resources folder shared by many, He has to logon remotely as do  10 others.unfortunately this guy only has to look at a folder and sudenly its sub folders disappear and reappear later in windows system folder or some other. He is a valuable intelligent employee with post grad quals but thats just tghe way it is.
0
 
LVL 11

Expert Comment

by:TheGorby
ID: 35222127
Ah yes, the classic "accidental drag-and-drop", always discovered when a user insists that several folders managed to delete themselves!

Ok so the user logs into the server from a remote site, using LMI. I assume you're using the Active Directory authentication integration with LMI? I'm not too familiar with that, when used that way are users then able to access domain resources as if they were logged onto the server with their own domain account?
0
 

Author Comment

by:LeighJor
ID: 35223885
They use AD authentication to logon to server. LMI permissions will not allow them to delete anything. Unfortunately though the can see folders on other drives c: and e: though they canot access them  and they can access system files etc on c:
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
Here's a look at newsworthy articles and community happenings during the last month.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question