|Subject:||Active Directly User Account Permissions|
|Posted by:||John L|
|Date:||Tue, 10 Aug 2010|
We are looking to add a particular user to our Active Directory with limited
permissions to certain designated folder locations on the network. We are
having some issues getting this configured correctly, however.
The main issue is that I have been unable to restrict this said user account
from being able to access root level network paths and I suspect that this
may be the result of having applied the standard â€œEveryoneâ€ permission to
some of the Root level folders.
Is there a way to remove *certain* users from the â€œEveryoneâ€ category? Or
is that the point of having that â€œEveryoneâ€ category; that being that
â€œEveryoneâ€ means every user account on the domain, regardless of the other
security settings which may have been applied.
In my attempt to get this configured correctly, I have removed this user
from the standard â€œUsersâ€ group, hoping that this would produce the results
that I need (I basically created a secondary group which does not yet have
permissions to any network locations and added this user account to that
group. Then, I removed this user from the standard â€œUsers group). However,
this user account can still access root level network locations that I need
to restrict the account from accessing.
I sincerely appreciate the help and suggestions.