Hi,
I have a Windows Server 2019 domain and want to deny file sharing for a specific AD user. But the AD user should be allowed to connect to the other machines via RDP.
Only file sharing should be denied, on all of the domain machines.
Hello @MPEG,
How are things going on your end? Please keep me posted on this issue.
If you have any further questions or concerns about this question, please let us know.
I appreciate your time and efforts.
Best Regards,
Daisy Zhou
============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.
Hello @MPEG,
Thank you for posting here.
Based on the description, if you create a file on a domain server and deny file sharing (deny share permissions and deny NTFS permissions) for a specific AD user, then no matter which domain machine this AD user logs on to, the user cannot access the file share.
But the AD user can connect to the other machines via RDP as long as the user has RDP logon permission on the other machines.
Hope the information above is also helpful.
Should you have any question or concern, please feel free to let us know.
Best Regards,
Daisy Zhou
============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.
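The "deny share permissions and deny NTFS permissions" approach from the answer above, applied to every regular share on one file server; this is an added example, not part of the original thread. The account name `CONTOSO\jdoe` is a placeholder, and the denial applies to that user regardless of which machine the connection comes from.

```powershell
# Added example: deny one AD account on every regular SMB share of this server.
# Run in an elevated session on the file server itself.
$Account = 'CONTOSO\jdoe'   # placeholder account, replace with the real user

# Deny/FullControl NTFS rule that inherits to subfolders and files.
# Note: an NTFS deny also applies when the user is logged on locally.
$inherit  = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$denyRule = [System.Security.AccessControl.FileSystemAccessRule]::new(
    $Account, 'FullControl', $inherit, 'None', 'Deny')

# -Special $false leaves out administrative shares (C$, ADMIN$, IPC$);
# only file system shares are processed, not printer shares.
$shares = Get-SmbShare -Special $false |
    Where-Object { $_.ShareType -eq 'FileSystemDirectory' }

foreach ($share in $shares) {
    # Share-level deny entry for the account
    Block-SmbShareAccess -Name $share.Name -AccountName $Account -Force | Out-Null

    # NTFS deny entry on the shared folder
    $acl = Get-Acl -Path $share.Path
    $acl.AddAccessRule($denyRule)
    Set-Acl -Path $share.Path -AclObject $acl
}

# Check: list the deny entries now present on each share
foreach ($share in $shares) {
    Get-SmbShareAccess -Name $share.Name |
        Where-Object { $_.AccessControlType -eq 'Deny' }
}
```

`Unblock-SmbShareAccess` removes the share-level deny entry again; the NTFS rule has to be removed from the folder ACL separately.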
You understood my question wrong. I don't want to create a file on the domain; my question was general.
For example, we have a file server and we have many shares on the machine. The AD user can access the shares with \\fileserver or \\fileserver\C$.
So is there any way to deny that for a specific AD user on a specific machine with a GPO?
Hello @MPEG,
Thank you for your reply.
You can try the following GPO to see if it helps.
Navigate to Computer Configuration\Policies\Windows Settings\Security Settings;
Right-click on File System and click Add File;
Hope the information above is also helpful.
Should you have any question or concern, please feel free to let us know.
Best Regards,
Daisy Zhou
I think you still have not understood what I want. If I click on Add File, it is only local files. But my files and shares are on the file server and not on the domain.
This is important:
So is there any way to deny that for a specific AD user on a specific machine with a GPO?
Hello @MPEG,
Thank you for your reply.
You can select a shared file on the file server.
For example:
But you can only deny domain users or groups.
Hope the information above is also helpful.
Should you have any question or concern, please feel free to let us know.
Best Regards,
Daisy Zhou
And how do I add the specific client machine? The AD user is not allowed to access the shared folder from the specific machine.
Hello @MPEG,
Thank you for your reply.
Q: And how do I add the specific client machine?
A: Where did you add the specific client machine? Would you please provide a screenshot?
Should you have any question or concern, please feel free to let us know.
Best Regards,
Daisy Zhou
I did not add any specific client machine. I am asking you how I can add one.
Because the AD user is not allowed to access the shared folder from the specific machine.
Hello @MPEG,
Thank you for your reply.
I understand your requirements as below, is that right?
For the same shared folder, and for the same AD user, if this AD user logs on to PC1, she/he can access this shared folder, but if the same AD user logs on to PC2, you do not want her/him to be able to access this shared folder.
If I misunderstood anything, please correct me and please describe your requirements in detail so that I can help you better.
Should you have any question or concern, please feel free to let us know.
Best Regards,
Daisy Zhou
Hello,
I have 4 machines named pc1-pc4. The AD user logs in on those machines via RDP. We have many shared folders on some machines in the domain, for example "fileserver" and "inventar". On both machines, "fileserver" and "inventar", we have many shared folders.
So what I want is: if the AD user logs in to the machines pc1-pc4, from there he should not have any access to the two machines "fileserver" and "inventar" and their shared folders.
Hope that helps
Hello @MPEG,
Thank you for your reply.
So I understand your request as below:
Scenario:
1-A specific AD user
2-File servers:
fileserver1 with many shared folders on it
fileserver2 with many shared folders on it
3-Client PCs:
PC1, PC2, PC3 and PC4
The specific AD user connects via RDP to PC1 (PC2, PC3 and PC4) and you do not want him/her to access "these PCs and shared folders on them".
The specific AD user connects via RDP to PC5 (or other machines except PC1-PC4) and you want him/her to access these PCs and shared folders on them.
And if other users except this specific AD user log on to PC1 (PC2, PC3 and PC4 and all other machines), you want them to access these PCs and shared folders on them.
If I understand it correctly, I think you should block the specific AD user from accessing PC1-PC4 instead of blocking access to shared folders on them. Based on my knowledge, there is no existing GPO setting to configure this.
Maybe a firewall or other methods can be tried.
Hope the information above is helpful.
Should you have any question or concern, please feel free to let us know.
Best Regards,
Daisy Zhou
No, I cannot block the specific AD user on PC1-PC4. They have to work via RDP on these 4 machines.