File Sharing -- How do I restrict a user from viewing sub-folders of a shared folder????

Posted on 2004-04-13
Last Modified: 2010-04-19
Good Morning,

Before I begin, let me inform you that we are moving from a Novell 5 file and print sharing box to a 2003 Standard file and print sharing box.  From what have read in other articles and on-line, my question may not be solvable in a practicle manner.  And I've read that I need to change my thinking when it comes to Novell vs. Windows file and folder sharing methods.

Let's begin:

I have established a shared folder \\fileserver\root\.  Everyone has view rights to this shared folder.  I can access and map the Y:\ drive to this folder from my PC.  I have setup a test file structure and a bunch of files throughout this directory.  I can view all files and folders from my PC.

My problem is this, let's say this is the following directory structure:

\\fileserver\root\  =  Y:\

3.  Y:\XEROX\

Okay, how do I make it so a user only sees number 1 and 2?  What rights or whatever do I need to change so that the user will not view Y:\XEROX\?  Even if I remove all usernames from the Security tab, the users can still see the folder, they just cannot browse it.  In Novell, if you don't explicitly give rights to a user to view a folder, they don't...

I can't imagine that Microsoft security is such that you can see a folder, but you just can't see the contents.

I hope this explanation is sufficient, I'll be glad to supply more information is needed.


Question by:adammichael
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
  • +1
LVL 67

Assisted Solution

sirbounty earned 130 total points
ID: 10816266
I think the closest you can obtain, if I follow you correctly - to 'hide' these folders - is to share them out with a $ symbol...

All shares with a trailing $ are hidden...

So, if you have \\fileserver\root\xerox being shared as \\fileserver\xerox$
Users would have to either have a mapping there in a login script or 'know' how to get to it to find it...

Author Comment

ID: 10816302

Let's say I have an Accounting department folder.  There are ten users and each one has certain folders that can get to and some folders that they cannot get to.  User 1 can get to 3 of the available 15 folders, user 2 can get to 10 of the folders, etc...

I'm making this up by the way...

Anyhow, does it boil down to, I'm going to have to share every folder using a $ and then map each user to their respective folders?

Hope i didn't confuse you.

LVL 16

Accepted Solution

JamesDS earned 145 total points
ID: 10816558

Yup, you're right.

Novell hides folders that users do not have access to
Windows doesn't

The only solution is the one you mention - share individual folders or suffer with the fact that users get to see everything and get an access denied message for the folders they shouldn't have access to.

However on Windows 2003 cluster fileserver it is possible to use the dymanic sharing feature:
If you want to use a cluster to create a high availability file server that will have hundreds of file shares, consider managing those file shares using a single File Share resource. You can do this if the folders that you want to share on the network are all subfolders of a common folder. For example, if you use your file server to support hundreds of users, and each user has a private folder that is a subfolder of the Users folder, you can manage individual file shares for each user using a single File Share resource. You also have the option to hide the file shares that you create for each user so that they will not be visible when browsing. For information on sharing the subfolders of a folder and hiding the files shares you create, see "To share subfolders on a File Share resource" on technet


Free eBook: Backup on AWS

Everything you need to know about backup and disaster recovery with AWS, for FREE!


Author Comment

ID: 10817040
I've only got a single 2003 server.

Is my question strange?  I mean, I can't believe Microsoft would allow all folders to show...just doesn't make sense...  :(

Anyhow, what do most admin's do in this case?  Setup a truckload of shares, or deal with access denied messages?

LVL 67

Expert Comment

ID: 10818933
We group them by user dept.
Finance would have several related shares, marketing, etc...
If there were any that a select few in one department should not get to then yes - we either set up a seperate share or deal with the access denied message...
Bill knows best, eh? ;)

LVL 16

Expert Comment

ID: 10820535

Thanks for the points.

In closing, your question is very common - I do a number of Novell migrations to AD every year and this comes up every single time. I usually go for a combination of grouping by department, lots of shares and File Share resources where I can work in a cluster.

It's a bitch but we love it!



Expert Comment

ID: 10993838
I'm in the same boat, and, it's incredible that this goes on, year after year.  Alright, if we can't disappear the folders, could we change the icon or color of those that the user cannot access?
LVL 16

Expert Comment

ID: 10993867
You can't post new questions here, you need to post a new question on EE



Featured Post

Creating Instructional Tutorials  

For Any Use & On Any Platform

Contextual Guidance at the moment of need helps your employees/users adopt software o& achieve even the most complex tasks instantly. Boost knowledge retention, software adoption & employee engagement with easy solution.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Many of us need to configure DHCP server(s) in their environment. We can do that simply via DHCP console on server or using MMC snap-in on each computer with Administrative Tools installed in a network. But what if we have to configure many DHCP ser…
Recently, I had the need to build a standalone system to run a point-of-sale system. I’m running this on a low-voltage Atom processor, so I wanted a light-weight operating system, but still needed Windows. I chose to use Microsoft Windows Server 200…
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…
In a recent question ( here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question