MOSS Forum

Ask Question   UnAnswered
Home » Forum » MOSS       RSS Feeds

Disallow an AD Security Group from a Site Collection

  Asked By: Shikha    Date: Mar 15    Category: MOSS    Views: 1473

We have a MOSS 2007 farm and are using AD Security Groups to populate
the SharePoint groups in our site collections. On various sites we have
the Domain Users with view privelages, we also have an AD Security Group
named Contractors that while it's members are a part of the Domain Users
group, we need to disallow or exclude them from the sites while still
allowing the remaining Domain Users privelages.

Coming from the Network Folder structures it was simply denying the
group access, I was going to try adding the Contractors to a group
without privelages (an empty SharePoint permissions group) but you have
to assign at least 1 privelage to a SharePoint group (open).

Creating a seperate group in AD would be far to cumberson on our domain.



1 Answer Found

Answer #1    Answered By: Delilah Mcpherson     Answered On: Mar 15

You can do this at the level of the Web Application, but not at the level of the
Site Collection. To do it for a whole web application you need to add the group
to a Web Application Permission Policy Level that denies them ALL permissions to
any site  in the Web Application. This is the one place in SharePoint where you
can do a deny. Everywhere else permissions are always additive. You can do
this in Central Admin -> Application Management -> Application Security ->
Policy for Web Applicaiton

Didn't find what you were looking for? Find more on Disallow an AD Security Group from a Site Collection Or get search suggestion and latest updates.