Share via

Domain and File sharing for AD user

MPEG 336 Reputation points
2021-06-16T07:16:57.337+00:00

Hi,

I have a windows 2019 server domain and want to deny the file sharing for a specify AD user. But the AD user should allow to connect to the other machines per RDP.
But only the file sharing should be denied all of the domain machines.

Windows for business | Windows Server | User experience | Other

13 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Anonymous
    2021-06-17T03:23:44.067+00:00

    Hello @MPEG ,

    Thank you for posting here.

    Based on the description, if you create a file on domain server and deny the file sharing (deny share permissions and deny NTFS permissions) for a specify AD user, no matter this specify AD user logs on any
    domain machines, this specify AD user cannot access the file sharing.

    But the AD user can connect to the other machines per RDP as long as the user has RDP logon permission on the other machines.

    Hope the information above is also helpful.

    Should you have any question or concern, please feel free to let us know.

    Best Regards,
    Daisy Zhou

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.

    0 comments
  2. MPEG 336 Reputation points
    2021-06-17T07:40:26.177+00:00

    You understand my question wrong. I dont wan to create a file on the domain, my question was generally.

    for example, we have a file server and we have many shares on the machine. The AD user can access to the sharing with \fileserver or \fileserver\C$.

    So if there any way to deny for specify AD User in the specify machine to deny that with GPO?

    0 comments
  3. Anonymous
    2021-06-17T09:15:42.9+00:00

    Hello @MPEG ,

    Thank you for your reply.

    You can try the following gpo to see if it helps.

    Navigate to Computer Configuration\Policies\Windows Settings\Security Settings;
    Right Mouse Button click on File System and click Add File;

    Hope the information above is also helpful.

    Should you have any question or concern, please feel free to let us know.

    Best Regards,
    Daisy Zhou

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.

    0 comments
  4. MPEG 336 Reputation points
    2021-06-17T09:35:35.007+00:00

    I think you still has not understand what I want. If I click on add file, it is only locally files. But my files and shares are on the fileserver and not on the domain.

    That is important:

    So if there any way to deny for specify AD User in the specify machine to deny that with GPO?

    0 comments
  5. Anonymous
    2021-06-17T09:42:18.417+00:00

    Hello @MPEG ,

    Thank you for your reply.

    You can select shared file on the file server.

    For example:
    106592-fi1.png

    But you only can deny domain users or groups.
    106557-fi2.png

    Hope the information above is also helpful.

    Should you have any question or concern, please feel free to let us know.

    Best Regards,
    Daisy Zhou

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.