denying user restriction

[Guest]

i have a main OU EDI with 2 child OU Sales and technical. I want to restrict the users in technical OU from accessing the shared resources in Sales OU

i tried by adding one technical OU user into Sales Security in group policy and applied deny all. but this doesnt wor

any help will be appreciated

 

[Steven L Umbach]

Create a group and add all the users from the technical OU to the group. Then on the
servers offering shares to the sales OU you do not want them to access, add that
group to the user right for "deny access to this computer from the network". You
could do that in the Local Security Policy of each server or at the OU level via a
GPO if all the servers are in an OU structure. --- Steve

i have a main OU EDI with 2 child OU Sales and technical. I want to restrict the

users in technical OU from accessing the shared resources in Sales OU.

i tried by adding one technical OU user into Sales Security in group policy and

applied deny all. but this doesnt work

 

[Ken]

That might be a little overboard (and wouldn't work if
the same server offered shares to the technical group).
Perhaps just NTFS/share permissions would work better for
this situation?

Just an idea..
Ken

-----Original Message-----
Create a group and add all the users from the technical OU to the group. Then on the
servers offering shares to the sales OU you do not want them to access, add that
group to the user right for "deny access to this

computer from the network". You

could do that in the Local Security Policy of each

server or at the OU level via a

GPO if all the servers are in an OU structure. --- Steve

technical. I want to restrict the

 

[Steven L Umbach]

That is true. I had the impression that the server would only offer shares to the
sales group and a deny to the server would protect from unauthorized access in case
of a share/ntfs permissions being to permissive or to browse Computer
anagement. --- Steve