We have two intranets for two companies built on the same platform. One company shouldn't access the other company's intranet - but they can. We had user "Everyone" where all users ever logged in gets added from start. We have also added the proper company user groups (based on info from AD). However, when I remove group "Everyone", everything stops and noone but administrators can enter. I've now tried adding user group "Authenticated" hoping that this would make EPi check the user groups from AD and admit/decline entry. I can remove user group "Everyeone" and people can enter. But still anyone can access the other user groups. How can we solve this?