IT Questions and Answers :)

Sunday, April 21, 2019

How do you block a user from opening a folder, when that group has full permissions?

  • In AD uncheck Allow on the User in the group
  • Explicit Deny User on the folder 
  • Click Stop Permissions on the User in AD
  • Create Exception on the folder for User 
 

EXPLANATION

Access-Based Enumeration will be your best solution. That way, even though the user account may be able to see a share, they can't see any of its contents. You could go a step further and create a Deny-SMB security group with that account as its sole member, and then nest all of your other user-level security groups in a group that is granted permission to access shares.


Overall, more information will make it easier to recommend the best possible route.
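
As an added example (not part of the original post), the PowerShell below applies the options discussed here on a Windows file server: an explicit Deny entry on the folder, a share-level deny for the Deny-SMB group, and Access-Based Enumeration on the share. The folder path, share name and account names are placeholders, and the Deny-SMB group is assumed to exist already with the user as its member.

```powershell
# Added example. All names below are placeholders (assumptions), not values from the post.
# Run elevated on the file server; the SmbShare cmdlets need Windows Server 2012 / Windows 8 or later.
$FolderPath = 'D:\Shares\Finance'    # placeholder: folder the group has Full Control on
$ShareName  = 'Finance'              # placeholder: SMB share that exposes the folder
$Account    = 'CONTOSO\jdoe'         # placeholder: user who must be blocked
$DenyGroup  = 'CONTOSO\Deny-SMB'     # placeholder: existing group containing that user

# 1. Explicit Deny on the folder. Explicit Deny entries are evaluated before
#    Allow entries, so the Full Control granted through the group no longer applies.
$acl = Get-Acl -Path $FolderPath
$existing = $acl.Access | Where-Object {
    -not $_.IsInherited -and
    $_.AccessControlType -eq 'Deny' -and
    $_.IdentityReference.Value -eq $Account
}
if (-not $existing) {
    $deny = [System.Security.AccessControl.FileSystemAccessRule]::new(
        $Account,
        [System.Security.AccessControl.FileSystemRights]::FullControl,
        [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit',
        [System.Security.AccessControl.PropagationFlags]::None,
        [System.Security.AccessControl.AccessControlType]::Deny)
    $acl.AddAccessRule($deny)
    Set-Acl -Path $FolderPath -AclObject $acl
}

# 2. Check the result: list the explicit (non-inherited) Deny entries on the folder.
(Get-Acl -Path $FolderPath).Access |
    Where-Object { $_.AccessControlType -eq 'Deny' -and -not $_.IsInherited } |
    Format-Table IdentityReference, FileSystemRights, InheritanceFlags

# 3. Share-level deny for the Deny-SMB group (one way to use the group described above).
Block-SmbShareAccess -Name $ShareName -AccountName $DenyGroup -Force
Get-SmbShareAccess -Name $ShareName |
    Format-Table AccountName, AccessControlType, AccessRight

# 4. Access-Based Enumeration: hide items the caller has no permission to read.
Set-SmbShare -Name $ShareName -FolderEnumerationMode AccessBased -Force
Get-SmbShare -Name $ShareName | Select-Object Name, FolderEnumerationMode
```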


1 comment:

  1. You're Correct man!!

    EXPLANATION

    Explicit Deny takes precedence over all allowed settings. The administrator has explicitly set the permission, and there is no way around it. The rest are fake answers.
    SOURCE
    https://underthehood-autodesk.typepad.com/blog/2016/05/understanding-the-deny-permission.html
