i have a main OU EDI with 2 child OU Sales and technical. I want to restrict the users in technical OU from accessing the shared resources in Sales OU

i tried by adding one technical OU user into Sales Security in group policy and applied deny all. but this doesnt wor

any help will be appreciated

Create a group and add all the users from the technical OU to the group. Then on the
servers offering shares to the sales OU you do not want them to access, add that
group to the user right for "deny access to this computer from the network". You
could do that in the Local Security Policy of each server or at the OU level via a
GPO if all the servers are in an OU structure. --- Steve


"shoeb" <(E-Mail Removed)> wrote in message
news:747B9BA2-9E83-4D43-A20C-(E-Mail Removed)...
> i have a main OU EDI with 2 child OU Sales and technical. I want to restrict the
users in technical OU from accessing the shared resources in Sales OU.
>
> i tried by adding one technical OU user into Sales Security in group policy and
applied deny all. but this doesnt work
>
> any help will be appreciated

That might be a little overboard (and wouldn't work if
the same server offered shares to the technical group).
Perhaps just NTFS/share permissions would work better for
this situation?

Just an idea..
Ken

>-----Original Message-----
>Create a group and add all the users from the technical
OU to the group. Then on the
>servers offering shares to the sales OU you do not want
them to access, add that
>group to the user right for "deny access to this
computer from the network". You
>could do that in the Local Security Policy of each
server or at the OU level via a
>GPO if all the servers are in an OU structure. --- Steve
>
>
>"shoeb" <(E-Mail Removed)> wrote in message
>news:747B9BA2-9E83-4D43-A20C-
(E-Mail Removed)...
>> i have a main OU EDI with 2 child OU Sales and
technical. I want to restrict the
>users in technical OU from accessing the shared
resources in Sales OU.
>>
>> i tried by adding one technical OU user into Sales
Security in group policy and
>applied deny all. but this doesnt work
>>
>> any help will be appreciated
>
>
>.
>

That is true. I had the impression that the server would only offer shares to the
sales group and a deny to the server would protect from unauthorized access in case
of a share/ntfs permissions being to permissive or to browse Computer
anagement. --- Steve

"Ken" <(E-Mail Removed)> wrote in message
news:1940101c44c92$a43f8920$(E-Mail Removed)...
> That might be a little overboard (and wouldn't work if
> the same server offered shares to the technical group).
> Perhaps just NTFS/share permissions would work better for
> this situation?
>
> Just an idea..
> Ken
>
> >-----Original Message-----
> >Create a group and add all the users from the technical
> OU to the group. Then on the
> >servers offering shares to the sales OU you do not want
> them to access, add that
> >group to the user right for "deny access to this
> computer from the network". You
> >could do that in the Local Security Policy of each
> server or at the OU level via a
> >GPO if all the servers are in an OU structure. --- Steve
> >
> >
> >"shoeb" <(E-Mail Removed)> wrote in message
> >news:747B9BA2-9E83-4D43-A20C-
> (E-Mail Removed)...
> >> i have a main OU EDI with 2 child OU Sales and
> technical. I want to restrict the
> >users in technical OU from accessing the shared
> resources in Sales OU.
> >>
> >> i tried by adding one technical OU user into Sales
> Security in group policy and
> >applied deny all. but this doesnt work
> >>
> >> any help will be appreciated
> >
> >
> >.
> >