Hi, I would like to have opinions/ advices on how is the best way to manage Sharepoint trough Active Directory. Currently, all of our web apps security is managed using Active Directory security groups and we wanted to use the same principle on Sharepoint. So I've set up specific groups in AD for all of the secured section of our portal and added people in it. So far it works fine. Now the problem I'm facing is that there's one section where we want to restrict access only to a few groups of persons while letting everyone else in the organization have access. I know we cannot deny access in Sharepoint, the only thing you can do is not giving access. So I need groups for everyone else except the ones that we want to "deny" access to. Because there's a lot of people in the organization and that there is always a lot of employee movement, it is really a huge task to manage the groups for everyone. Networking already does that with distribution lists in AD, and I would like to know if there's a possiblity for me to reuse the lists so that we do not have a double maintenance of all the users that come and go. I tried adding the distribution lists to the security group that I've created to manage the Sharepoint section, but AD does not let me add a distribution list as a security group member... Is there a way to synchronise both lists? Or it there a better way to do this at all? Thanks for your expertise, I'm sure I'm not the first to face such a challenge! Phil Philippe Robert - Belron international

Hey Phil, I would simply create the AD group and leverage AD's ability to DENY access. It's true SharePoint doesn't have the ability to DENY access explicitly, but if you push that part of your requirement up to AD, then you just add that AD group to the content you wish to DENY people access to, and that should solve it.I trust that answers your question... Thanks C http://www.cjvandyk.com/blog