Guest user see all users in domain

Copper Contributor

Hi all,


I have recently extended the usage of Sharepoint in the company.


I have then created a site intended to collaborate with partners who work with us. These are persons which are not part of our company, but who should get access to a common document folder structure to download documents intended to all partners, and also a personal folder to exchange documents only intended to them.


The idea is to create a team with all partners who can access the common area and to provide individual access to the personal area. My idea was to use "Guest accounts" for the partners and to group these guests in a team with our staff for the common section.


After having created a dummy guest account and done some testing, I noticed that any Guest user is also member of the "All users" group. Through his account portal, the guest user gets visibility on the  "all users" group that exist in the sharepoint domain (active users, other guest users). It seems impossible to remove a Guest user from the "All user" group. While I understand the technical reason why a guest user is also member of all users, I don't think that guest users should be able to see all other users. 


I now try to understand the purpose and usage of Guest user accounts : clearly I don't want to show all users to any guest user.


Also what would be the best practice to create a secure and limited environment in Sharepoint for the purpose explained at the beginning ?


Thanks for your help !

2 Replies
That "All users" group is likely created by one of your administrators and uses dynamic membership filter. Either adjust the filter of said group to exclude Guests, or delete it altogether if you consider it a security/privacy issue.
It is my understanding that "All users" is created by default and not an optional creation of the admin. But thank you for the idea of using dynamic membership filtering - I will look into it.