Avatar of TMITECHS
TMITECHSFlag for United States of America asked on

How to give a temporary remote user limited access to network files

Environment is windows 2003 domain.

We have need for a temporary outside user to have access to only one set of our network folders. I have created a user ID for this user.

How can I prevent them from having access to anything else including areas that can normally be accessed by "Authenticated Users".

Or perhaps, how can I remove this user from "Authenticated Users"?
Windows Server 2008Active Directory

Avatar of undefined
Last Comment
TMITECHS

8/22/2022 - Mon
SOLUTION
Patrick Bogers

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
See how we're fighting big data
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
SOLUTION
fredvr666

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
See how we're fighting big data
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
ASKER
TMITECHS

To: Patricksr1972

This sounds good but will that user now be able to RDC into our network to access the files they need?

To: fredvr666

Thanks I needed that confirmation that I could not remove a user from Auth Users.
But with the method you describe I need to deny all shares at high level and then grant access at one low level folder. Does this seem right? I don' want to risk overwriting my vast array of permissions.
SOLUTION
Log in to continue reading
Log In
Sign up - Free for 7 days
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
ASKER CERTIFIED SOLUTION
Log in to continue reading
Log In
Sign up - Free for 7 days
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
ASKER
TMITECHS

Patricksr1972
Thanks I will try it.

Jullez
The remote user will connect by Terminal Server.
Although, VPN is not out of the question.
SOLUTION
Log in to continue reading
Log In
Sign up - Free for 7 days
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
SOLUTION
Log in to continue reading
Log In
Sign up - Free for 7 days
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
ASKER
TMITECHS

Thanks both, more good info!

J  How to block "browsing up"?
This is the best money I have ever spent. I cannot not tell you how many times these folks have saved my bacon. I learn so much from the contributors.
rwheeler23
Jullez

Depending on the OS you are using on the file server, you could enable Access Based Enumeration.  This is a feature, enabled at the volume level, that allows you to 'see' only things that you have access to. It should prevent the temp user from being able to get to those top level folders.
ASKER
TMITECHS

thanks.
I will try these things.

I will likely award points tomorrow after some testing.
Patrick Bogers

Good luck.
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
ASKER
TMITECHS

Although not completely resolved for me, I appreciate this info that I believe will lead to a solution that I can live with.