How do you block a user from opening a folder, when that group has full permissions?
- In AD uncheck Allow on the User in the group
- Explicit Deny User on the folder
- Click Stop Permissions on the User in AD
- Create Exception on the folder for User
EXPLANATION
Access Based Enumeration will be your best solution. That way even though the user account may be able to see a share, they can't see any of the contents. You could go a step further and create a Deny-SMB security group with that account as its sole member and then nest all of your other user level security groups in a group that is granted permissions to access shares.
Overall, more information is going to make the best possible route easier to recommend
Please report us in comment box if answer is incorrect.
You're Correct man!!
ReplyDeleteEXPLANATION
Explicit Deny takes precedence over all allowed settings. The administrator has explicitly set the permission, and there is no way around it. The rest are fake answers
SOURCE
https://underthehood-autodesk.typepad.com/blog/2016/05/understanding-the-deny-permission.html