|
security
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
can this be done easilyI have a AD network with 3 2003 DCs. Most of our workstations are attached to the domain while only 40 PCs are non-domain machines. What I would like to do is to allow all non-domain PCs to be able to access one shared folder in one of the member server within the domain using one particular user account. I created a group called nondomainuser and put a newly created user account into the group. I removed this user from the domain users group so it only belong to the nondomainuser group. On the shared folder, I setup the Share/NTFS permission so that only the nondomainuser group have read access to it. With this setup, the user is able to access the shared folder without problem. However, this account is also able to access shared folders that are accessible by the members in the domain users group which is something I don't want. The thing that I don't understand is this user account is not a member of the domain users, but he is still able to access shared folders that are for members of the domain users. Can someone advice me if there is any simple solution for such problem? Thanks OM This apparently has nothing to do with topic of this newsgroup.
Apparently the folders to which the account does have access but should not have grants to more than just Domain Users but you did not say to what those shares are granted. Show quoteHide quote "OM" <o*@discussions.microsoft.com> wrote in message news:eQ8$yMatGHA.3240@TK2MSFTNGP03.phx.gbl... > Hi, > > I have a AD network with 3 2003 DCs. Most of our workstations are attached > to the domain while only 40 PCs are non-domain machines. > > What I would like to do is to allow all non-domain PCs to be able to > access one shared folder in one of the member server within the domain > using one particular user account. > > I created a group called nondomainuser and put a newly created user > account into the group. I removed this user from the domain users group so > it only belong to the nondomainuser group. On the shared folder, I setup > the Share/NTFS permission so that only the nondomainuser group have read > access to it. With this setup, the user is able to access the shared > folder without problem. However, this account is also able to access > shared folders that are accessible by the members in the domain users > group which is something I don't want. The thing that I don't understand > is this user account is not a member of the domain users, but he is still > able to access shared folders that are for members of the domain users. > > Can someone advice me if there is any simple solution for such problem? > > Thanks > > OM 
Other interesting topics
Network/Web Site Authentication
iis problems with some xp clients - kerberos issue? IIS + SQL (Not enough storage is available to complete this operation) Virtual Directory On UNC Share Not Writable changing "CN" name Network service default permissions Grant Users Permissions to Modify IIS without Having Full Admin Ri HTTP 405: The HTTP verb used to access this page is not allowed IIS 5.0 vs IIS 6.0 Application Pool Identity |
|||||||||||||||||||||||
