I'm having issues with a AD user, who is authenticated on 1 site, who can then manually type the blog address of ANY OTHER SITE, even if they don't have membership, and they can view that blog.
EX. WPTESTUSER, member of wptestgroup (has rights only to the http://blog/test, but specifically not http://blog/adminusers).
wptestuser logs into http://blog/test/wp-admin and makes a post. User then manually type http://blog/adminusers/ and can view the site.
Is there a way to make a site in a multisite setup safe (private) from unauthorized users?