Saturday, October 2, 2010

Deny User's access to the entire portal / Web Application

We may have a requirement to block a specific user from the entire SharePoint portal. How could we achieve this? What possible solutions do we have?

One possible solution is to remove the user from each and every group he is a member of, and also remove any direct permissions given to him in any of the sub sites. But this would be a very tedious task if there is a large number of sub sites.

Even if we manage to go through each and every site manually, there is a catch. What if one of the groups includes every member of the domain? Yes, this can happen. When adding users to a group, there is an option to add all authenticated users. To be specific, adding "NT AUTHORITY\authenticated users" to a group adds all users to that group.

In such a scenario, even if we remove the user's permissions from every sub site and remove the user from all groups, the user will still have access to the portal through the all-authenticated-users membership described in the previous paragraph.

Now what?

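Don't panic! There is a simple and quick solution to the problem: a Deny policy set at the web application level, which overrides any permission the user is granted inside the sites.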

  1. Open up your Central Administration.
  2. Navigate to the Application Management tab.
  3. Under the Application Security section, click on the "Policy for web application" link.
  4. Select the appropriate Web Application to which user access should be denied.
  5. Click Add Users.
  6. Select the appropriate zone (default is "All Zone") from which the user should be removed. Click Next.
  7. Now in the people picker, add the user(s) you want to deny access to.
  8. Under the Permission section, click on "Deny All".
  9. Press Finish.

That's all, folks. Now let the user try to access the portal. He will be greeted with a sweet message: "Access Denied".
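
The same all-zones Deny All policy can be applied through the SharePoint server object model from PowerShell, which also lets you review the policies already on the web application before and after the change. This is an added example, not part of the original post; the function name `Deny-WebAppUser`, the URL and the account are placeholders, and it assumes classic Windows logins in `DOMAIN\user` form.

```powershell
# Added example. Run on a SharePoint server as a farm administrator.
[void][System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint")

function Deny-WebAppUser {
    param([string]$WebAppUrl, [string]$LoginName)

    if (-not $WebAppUrl -or -not $LoginName) {
        throw "Both -WebAppUrl and -LoginName are required."
    }

    $wa = [Microsoft.SharePoint.Administration.SPWebApplication]::Lookup([Uri]$WebAppUrl)
    if ($wa -eq $null) { throw "No web application found at $WebAppUrl" }

    # $wa.Policies is the policy collection that applies to all zones.
    $existing = $wa.Policies | Where-Object { $_.UserName -eq $LoginName }
    if ($existing) {
        # Do not touch an existing entry; show it so it can be reviewed by hand.
        Write-Warning "A policy entry for $LoginName already exists; nothing changed."
    }
    else {
        # Look up the built-in "Deny All" policy role and bind it to a new entry.
        $denyAll = $wa.PolicyRoles.GetSpecialRole(
            [Microsoft.SharePoint.Administration.SPPolicyRoleType]::DenyAll)
        $policy = $wa.Policies.Add($LoginName, $LoginName)
        $policy.PolicyRoleBindings.Add($denyAll)
        $wa.Update()   # persist the change to the configuration database
    }

    # Audit: list every policy entry on the web application with its roles.
    foreach ($p in $wa.Policies) {
        $roles = @($p.PolicyRoleBindings | ForEach-Object { $_.Name })
        "{0} -> {1}" -f $p.UserName, [string]::Join(", ", $roles)
    }
}

# Placeholder values; replace with your own web application URL and account.
# Deny-WebAppUser -WebAppUrl "http://portal.example.local" -LoginName "EXAMPLE\jdoe"
```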

1 comment:

The McAlisters said...

Great tip Rizwan. Worked a treat