Friday, 2 May 2008

Excluding and AD Group from a site.

I was asked what's the best way to exclude specific users from a SharePoint site that all authenticated users had access too.

It's very simple. Simply create a AD group and add those users to the group, then through Central Admin, create a policy to deny them access. To do this:
  • Go to Central Admin,
  • Click Application Management
  • Click Policy for Web Application
  • Click Add Users
  • Select the Web Application you want to deny users access to
  • Click next
  • In the users box, put the AD group (or if you didn't create the AD group, simply put the Usernames in there)
  • Click the Deny All or Deny write check box (or if you want to only give a specific user access, grant all)
  • Click Finished

Now the users in that group can't access the site, even though Authenticated Users have permission on the site level.

If you need any help doing this, please ask.



Anonymous said...

This is just what I've been looking for - thanks so much!!

Anonymous said...

This is great, really helped me out at work - thanks a lot!! Nicola