Private intranet-level Nuget feed: Windows Integrated Security customization

Question

I'm considering setting up Intranet-level Nuget feed(bunch of teams in my company are supposed to use it).
I've looked briefly through some tutorials + appropriate chapters in Pro Nuget book, however I still do have some question left so far:

1. How to make windows integrated security working on private feed smoothly and customize access rights for private Nuget feed(for instance, grant everyone to get packages but grant pushing only to several domain users/groups);
2. How to allow developers to push packages to private feed without having api key?
3. How to save developers from making such silly mistake as pushing package to public feed? Is that enough to not configure api key for public feed as default?

Has anyone faced with one of these cases?

Answer 1

I did not try this so far, but following those instructions : http://docs.nuget.org/docs/creating-packages/hosting-your-own-nuget-feeds

I would just create a network share on the server hosting the feed, with write access to specific AD group of developers.

This way your repository is public, and only some persons can add packages to it.

Even after, if you have a continuous integration server, you could allow access to the file share (or API key) only to the account building packages. This way packages are published automatically after having passed automated tests.