For a sophisticated web application, SharePoint (WSS or MOSS) is missing a feature as simple as Deny access (Deny Read, Deny Write, Deny All). To deny access to the SharePoint for single user or a group of users, you modify Policy for Web Application in SharePoint Central Administration:
- Open SharePoint Central Administration
- Click on Application Management
- Then, under Application security, click on Policy for Web Application
- Select correct web application in the drop down
- Click on Add Users
- Select web application and the zone. Click Next
- Enter the username or security group. Select Deny Write or Deny All and click on Finish
Note: This will deny access to the whole web application in SharePoint! There is no way to deny access to a specific SharePoint item (site, list, document library and so on)
Hopefully Microsoft will fix this weakness in the next service pack or so…