• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 512
  • Last Modified:

NTFS, shares, acls and headaches.

I'm pretty sure this is not possible (because ntfs acls suck) but I am faced with the following. we have a typical shared user directory structure :

NT4 Domain environment.

     (share to Global group)          Common
(Full rights acl to Global group1)                 Marketing
(Full rights acl to Global group2)                 Finance
(Full rights acl to Global group3)                 HR

I want to map root a drive to the common share and want the marketing group to have full access only the marketing directory. Sounds simple ,however, the marketing users are able to see the Finance and HR folders as well even though they are not members of the other groups and have only read access to the common.

I have turned off inhereted rights at the common directory and am assigning explicit rights to the groups to the 3 subfolders beneath.

I am going crazy over this and dreaming of the good old days of netware. Please put me out of my misery.
  • 3
  • 3
1 Solution
i dont work with nt4 too much but on nt5 thre is an option when you set the permissions on a folder (if you are in the "advanced permissions") where you can choose how far you want these permissions to go IE this folder only, or this folder, its subfolders only, or this folder, its subfolders and files.  

are you saying that you dont wan them to "see" the folders, or you dont want them to have access to them?

if you dont want them to have access to them, then it is very easy to accomplish this, all you have to do is remove the groups you dont want to have access to the finance directory from the ACL and they won't be able to get to it.  They will still be able to see it, but can't get into it.
hotdiggetydawgAuthor Commented:
I want say the finance users to access the finance directory only and not see the HR and Marketing directories. The reason for the mapping at the common level is because the have a couple of users who work in all thee and so are members of all three groups
and I dont want to have a different drive mapping for each folder.

"They will still be able to see it, but can't get into it" - this is exactly where I am at the moment but I dont want them to even see a directory that they have no access to.
thanks for clarifying that you dont want them to even "see" the folder.

i don't think this is possible with NTFS (although it might be) I swear i did it once while playing with permissions but later i wasn't able to recreate it.   This is one feature of netware however, that windows doesn't seem to have.

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

hotdiggetydawgAuthor Commented:

You say 'feature' ? I say Windows flaw, you can do this stuff with other os's surley? MS gets a big fat thumbs up for lack of basics requirements from me.

You get the points for answering anyway,

Cheers Mike
Mohammed HamadaSenior IT ConsultantCommented:
Hello hotdiggetydawg

First Right click My Computer
Goto Manage ---> System Tools ---> Shared folders ---> Shares
You'll see The shared folders on your right .
Right click the folder you want to set permission for its access

Here what The steps above can help you at:-

You can use Shared Folders to view a summary of connections and resource use for local and remote computers. Shared Folders replaces resource-related components in the Windows NT 4.0 Server Control Panel.

With Shared Folders, you can:

Create, view, and set permissions for shared resources.
View a list of all users who are connected over a network to the computer, and disconnect one or all of them.
View a list of files that have been opened by remote users, and close one or all of the open files.
The subfolders in Shared Folders contain information, arranged in columns, about all the shared resources, sessions, and open files on the computer.
hotdiggetydawgAuthor Commented:
 What has your comment got to do with the fact you cannot hide a folder from a user that has no access to it?
it has nothing to do with it,, it is standard practice to leave share permissions to full access for everyone and leave secuirty up to NTFS permissions for 2 reasons:

1.  easier for the admin
2.  NTFS offers alot more granular options than share permissions. In fact the only 3 options w/ share permissions are full change and read.

if the question was "how do you view current shares and/or current connetions?" that answer might have helped, but it does nothing for the problem at hand.

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now