Good day  @Sharpharp1;

This one formal documentation shows onn how to restrict access to the designer except for the admininstrator in the iis(http://help.k2.com/onlinehelp/K2Five/UserGuide/5.3/default.htm#How-Tos/RestrictAccessDesignerIIS/Restrict-Access-Designer-using-IIS.htm).

---https://help.k2.com/kb001309

Hope it helps you.

Thanks;

Widson.

Hi Widson,

Tried this before, it doesn't work.

If you add an AD group to IIS and try and restrict it doesn't let anyone use Designer.

There was also another paper which suggested using the SSID of the AD Group, which worked when it wanted to.

I need a more robust way that works in 5.3

Thanks

Hi  @Sharpharp1;

Perhaps the iis still using the Everyone Role which was added by default in it ,When specifying users and groups for K2 Designer authorization, the Everyone role is added by default, providing all authenticated users in your organization, the ability to view K2 Designer. Best practice would be to remove the Everyone role from the K2 Designer authorization (By clicking the Break Inheritance button, select everyone role and clicking the Trash Can icon) and add users, groups and roles according to your organizations requirement.could please see the most supported way to do this on k2 5.3(http://help.k2.com/onlinehelp/K2Five/UserGuide/5.3/default.htm#K2-Management-Site/K2%20Designer/K2Designer.htm%3FTocPath%3DAdminister%7CK2%2520Management%7CDesigner%7C_____0)

------Authenticational Category relevant additional(http://help.k2.com/onlinehelp/K2Five/UserGuide/5.3/default.htm#AuthorizationFramework/Authorization-Framework-Overview.htm%3FTocPath%3DAdminister%7CK2%2520Management%7CCategories%7CAuthorization%7C_____0)

Kind regards;

Widson.