Anonymous
Anonymous asked in Computers & InternetSecurity · 7 years ago

Security Group (AD 2003)?

I add the user in the Global Security Group (IT Department), and create a folder that add the IT Department in security permission.

After doing this, other user that is not member of IT department Security Group have also access to the folder i made exclusive for IT Department only.

What is the right setup to do in making a folder accessible to a specific group only.

Update:

HI Jeff, after following your instruction - remove MACHINE\Users and Everyone

the user which is not a member of Security Group IT Department cannot access the files in the folder

but the member of IT Dept cannot access too..

the folder can be accessed by the member of IT DEp't if i add the Machine\Users to the folder, but still it can access by all the users joined in domain

1 Answer

Relevance
  • Jeff P
    Lv 7
    7 years ago
    Best Answer

    Make sure only the necessary groups/users are in there. Remove anything but the following groups:

    CREATOR OWNER

    SYSTEM

    Administrators (MACHINE\Administrators)

    IT Dept (DOMAIN\IT Dept)

    If you see any groups like the following:

    Users (MACHINE\Users)

    Everyone

    Authenticated Users

    Remove them--they're allowing other users to access the folder.

Still have questions? Get your answers by asking now.