How to prevent or block users to have access network sharing folder \\servername\folder_share

Question

Hello all,

I’m using windows server 2022 azure portal

When users have network sharing path they can have access to delete or create C drive using server name plus share folder name like this way \servername\folder_share

So how to block this domain users to view all these network sharing folders using GPO and they will get massage saying you don’t have access or deny massage.

Please guide

Thank you in advance.

Answer 1

Hello Friends

Hope you have a lovely day!

To restrict access to a network shared folder on Windows Server 2022 and ensure that domain users receive a message indicating they do not have access when they try to connect, you can use Group Policy in conjunction with proper file sharing permissions. Here’s how you can go about this:

---

Step 1: Set Proper NTFS Permissions

Before you manage permissions via Group Policy, ensure the NTFS permissions on the folder itself are correctly set:

1. Navigate to the folder you’re sharing (e.g., \\servername\folder_share).
2. **Right-click the folder** and select **Properties**.
3. Go to the **Security tab**.
4. Click **Edit** to modify permissions.
5. **Remove** or **Modify** the permissions of the users or groups who shouldn’t have access. If you want to block all domain users, ensure that the Domain Users group is either not listed or set to Deny for both Read and Write permissions. It’s usually better to simply not add or remove the group than to use Deny, as Deny can override other permissions.
6. Click **Apply** and then **OK**.

---

Step 2: Share Permissions

Adjust the permissions on the share itself:

1. In the **Properties** of the folder, go to the **Sharing tab**.
2. Click **Advanced Sharing**.
3. Click **Permissions**.
4. Ensure that the Everyone group is either not listed or their permissions are restricted as needed. You could also specifically set Deny permissions here, but it’s generally safer and more manageable to restrict permissions rather than deny them.

Step 3: Using Group Policy

To use Group Policy to further enforce access rules or notify users:

1. Open Group Policy Management on your server (you might need to install this feature via the Server Manager if it’s not already installed).
2. Either edit an existing GPO or create a new one and link it to the Organizational Unit (OU) where the user accounts reside.
3. Navigate to:User Configuration -> Policies -> Administrative Templates -> Network -> Network Connections
4. Look for settings that can restrict access to network paths or use the **Windows Settings** -> **Security Settings** to adjust file system permissions.
5. Set appropriate policies that might be relevant to blocking file share access.

---

Step 4: Communication and Enforcement

To communicate access restrictions to users:

• Implement a Group Policy that sets up a Logon Message:
  1. Edit or create a Group Policy Object linked to the users.
  2. Navigate to: Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options
  3. Find and configure Interactive logon: Message text for users attempting to log on**. You can use this policy to display a message about restricted access to certain network resources.

Final Thoughts

After setting up both NTFS and share permissions, along with any applicable Group Policies, ensure to:

• Update Group Policy on all client machines by running gpupdate /force on each client machine or waiting for the next automatic Group Policy refresh cycle.
• Test the configurationwith a user account that should be restricted to ensure that the access is configured correctly.

Always make sure that changes in permissions and policies are documented and communicated clearly to the IT team and affected users to avoid confusion and support calls.

Best regards

Rosy