Hi,
I have a windows 2019 server domain and want to deny the file sharing for a specify AD user. But the AD user should allow to connect to the other machines per RDP.
But only the file sharing should be denied all of the domain machines.
Hi,
I have a windows 2019 server domain and want to deny the file sharing for a specify AD user. But the AD user should allow to connect to the other machines per RDP.
But only the file sharing should be denied all of the domain machines.
Hello @MPEG,
How are things going on your end? Please keep me posted on this issue.
If you have any further questions or concerns about this question, please let us know.
I appreciate your time and efforts.
Best Regards,
Daisy Zhou
============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.
IF you cannot test on your lab, how can test the professional support? You can contact the professional support himself, because you are from Microsoft.
Hello @MPEG,
Thank you for your reply.
MS Professional tech support service need to pay.
Their technology is more professional and advanced, but I am not sure whether your needs can be achieved.
Best Regards,
Daisy Zhou
============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.
Your recommendation for professional support, can I not understand. As I know you have some test machine. you can test it on your environment
Hello @MPEG,
Thank you for your reply.
Yes, I can test in my lab. But I cannot find a test that meets your needs.
Thank you for your understanding and support.
Best Regards,
Daisy Zhou
============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.
Hello @MPEG,
Thank you for your reply.
Based on my knowledge, I am not sure if there is such method to achieve your requirements.
If you must study whether there is such a method, I suggest you submit a service request to MS Professional tech support service so that a dedicated support professional can further assist you with this request.
The following web site for more detail of Professional Support Options and incident submission methods is for your reference:
https://support.microsoft.com/en-in/gp/contactus81?forceorigin=esmc&Audience=Commercial
https://support.microsoft.com/en-us/help/4051701/global-customer-service-phone-numbers
Thank you for your understanding and support.
Should you have any question or concern, please feel free to let us know.
Best Regards,
Daisy Zhou
============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.
No I cannot block the specify AD User on PC1-PC4. They have to work per RDP on these 4 machines.
Hello @MPEG,
Thank you for your reply.
So I understand your request as below:
Scenario:
1-A specify AD user
2-File servers:
fileserver1 with many shared folders on it
fileserver2 with many shared folders on it
3-Client PCs:
PC1,PC2,PC3 and PC4
The specify AD user RDP to PC1(PC2,PC3 and PC4) and you do not want he/she to access "these PCs and shared folders on them".
The specify AD user RDP to PC5 (or other machines except PC1-PC4) and you want he/she to access these PCs and shared folders on them.
And if the other users except this specify AD user log on PC1(PC2,PC3 and PC4 and all other machines) and you want them to access these PCs and shared folders on them.
If I understand it correctly, I think you should block specify AD user to access PC1-PC4 instead of blocking to access shared folders on them. Based on my knowledge, there is no such an existing GPO setting to configure it.
Maybe firewall or other methods can be used to try.
Hope the information above is helpful.
Should you have any question or concern, please feel free to let us know.
Best Regards,
Daisy Zhou
============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.
Hello,
I have 4 machines named pc1-pc4. The AD user login on that machines per RDT. So we have many shared folder on some machine in the domain for example "fileserver" and "inventar". On the both machines "fileserver" and "inventar" we have many shared folder.
So I want to have if the AD user login to the machines pc1-pc4, from there should not have any access on the both machines "fileserver" and "inventar" and shared folder.
Hope that helps
I did not add any specify client machine. I ask you ho can I add?
Because the AD User does not allow from specify machine to access the shared folder
Hello @MPEG,
Thank you for your reply.
I understand your requirements are below, is it right?
For the same shared folder, and for the same AD user, if this AD user logs on PC1, she/he can access this shared folder, but if the same AD user logs on PC2, you do not want she/he to be able to access this shared folder.
If anything I misunderstood, please correct me and please describe your requirements in details so that I can help you better.
Should you have any question or concern, please feel free to let us know.
Best Regards,
Daisy Zhou
============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.
And how to add the specify client machine? The AD user does not allow to access from specify machine to the shared folder
Hello @MPEG,
Thank you for your reply.
Q: And how to add the specify client machine?
A: Where did you add the specify client machine? Would you please provide the screenshot?
Should you have any question or concern, please feel free to let us know.
Best Regards,
Daisy Zhou
============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.
Hello @MPEG,
Thank you for your reply.
You can select shared file on the file server.
For example:
But you only can deny domain users or groups.
Hope the information above is also helpful.
Should you have any question or concern, please feel free to let us know.
Best Regards,
Daisy Zhou
============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.
I think you still has not understand what I want. If I click on add file, it is only locally files. But my files and shares are on the fileserver and not on the domain.
That is important:
So if there any way to deny for specify AD User in the specify machine to deny that with GPO?
8 people are following this question.