Hi! Is there a way to remove user account(s) from MOSS 2007 site? We need to be sure this user can't access ANY content in frame of a site (doc lib, doc, list, etc.) even if he has access only to 1 list for example with the inheritance broken. How to detect such an account and then delete it? Thanks for your help.

The easiest way to accomplish this would be to add the user to a DenyRead Web Application Permission Policy in Central admin for each WEb Application. WEb App permission policies take precedence over any permissions set anywhere within a site collection, site or list. So if you apply a DenyRead policy that user will be denied access to the whole web application no matter what permissions they have in the site, web, or list.Paul Stork SharePoint Server MVP Chief SharePoint Architect: Sharesquared Blog: http://dontpapanic.com/blog Twitter: Follow @pstork Please remember to mark your question as "answered" if this solves your problem.

Hi Paul, Yes, it's the easiest way, but not appropriate for us. We have only 1 Web App (portal:80) and all portal sites are in frame of this App. How to make only 1 site isn't accessible for 1 specific user - it's a question.

I found the following way: Site Actions - Site Settings - People and Groups - All People (Use this page to view and manage all people for this site collection.) Yes, really here we can delete users from site collections using filters. But of course if this user is included in NT Autority\Authenticated users or HIS_Domain\Domain Users in frame of this site, it doesn't resolve the situation. :-(

Hi, I would suggest you to create a group that will contain all users from NT Authority except this one. You can create a tool similar to shown below. Here I am picking all users from Site users list and adding them into a group. Later on you can remove your user from the same. You can execute this periodically to get it updated from updates in NT authority. using (SPSite site = new SPSite("YourSiteUrl")) { using(SPWeb web = site.OpenWeb()) { SPGroup group = web.SiteGroups["YourGroupName"]; SPUserCollection users = web.SiteUsers; foreach (SPUser user in users) { if (!((user.LoginName.Contains("NT AUTHORITY") || (user.LoginName.Contains("SHAREPOINT"))))) { group.AddUser(user); } } group.RemoveUser(yourUser); } } I hope this will help you out. Thanks, Rahul Rashu

Hi, I would suggest you to create a group that will contain all users from NT Authority except this one. You can create a tool similar to shown below. Here I am picking all users from Site users list and adding them into a group. Later on you can remove your user from the same. You can execute this periodically to get it updated from updates in NT authority. using (SPSite site = new SPSite("YourSiteUrl")) { using(SPWeb web = site.OpenWeb()) { SPGroup group = web.SiteGroups["YourGroupName"]; SPUserCollection users = web.SiteUsers; foreach (SPUser user in users) { if (!((user.LoginName.Contains("NT AUTHORITY") || (user.LoginName.Contains("SHAREPOINT"))))) { group.AddUser(user); } } group.RemoveUser(yourUser); } } I hope this will help you out. Thanks, Rahul Rashu