NTFS, shares, acls and headaches.

Posted on 2005-03-24
Medium Priority
Last Modified: 2008-03-03

I'm pretty sure this is not possible (because ntfs acls suck) but I am faced with the following. we have a typical shared user directory structure :

NT4 Domain environment.

     (share to Global group)          Common
(Full rights acl to Global group1)                 Marketing
(Full rights acl to Global group2)                 Finance
(Full rights acl to Global group3)                 HR

I want to map root a drive to the common share and want the marketing group to have full access only the marketing directory. Sounds simple ,however, the marketing users are able to see the Finance and HR folders as well even though they are not members of the other groups and have only read access to the common.

I have turned off inhereted rights at the common directory and am assigning explicit rights to the groups to the 3 subfolders beneath.

I am going crazy over this and dreaming of the good old days of netware. Please put me out of my misery.
Question by:hotdiggetydawg
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
LVL 25

Expert Comment

ID: 13624528
i dont work with nt4 too much but on nt5 thre is an option when you set the permissions on a folder (if you are in the "advanced permissions") where you can choose how far you want these permissions to go IE this folder only, or this folder, its subfolders only, or this folder, its subfolders and files.  

are you saying that you dont wan them to "see" the folders, or you dont want them to have access to them?

if you dont want them to have access to them, then it is very easy to accomplish this, all you have to do is remove the groups you dont want to have access to the finance directory from the ACL and they won't be able to get to it.  They will still be able to see it, but can't get into it.

Author Comment

ID: 13624585
I want say the finance users to access the finance directory only and not see the HR and Marketing directories. The reason for the mapping at the common level is because the have a couple of users who work in all thee and so are members of all three groups
and I dont want to have a different drive mapping for each folder.

"They will still be able to see it, but can't get into it" - this is exactly where I am at the moment but I dont want them to even see a directory that they have no access to.
LVL 25

Accepted Solution

mikeleebrla earned 750 total points
ID: 13624634
thanks for clarifying that you dont want them to even "see" the folder.

i don't think this is possible with NTFS (although it might be) I swear i did it once while playing with permissions but later i wasn't able to recreate it.   This is one feature of netware however, that windows doesn't seem to have.
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!


Author Comment

ID: 13624819

You say 'feature' ? I say Windows flaw, you can do this stuff with other os's surley? MS gets a big fat thumbs up for lack of basics requirements from me.

You get the points for answering anyway,

Cheers Mike
LVL 24

Expert Comment

by:Mohammed Hamada
ID: 13625030
Hello hotdiggetydawg

First Right click My Computer
Goto Manage ---> System Tools ---> Shared folders ---> Shares
You'll see The shared folders on your right .
Right click the folder you want to set permission for its access

Here what The steps above can help you at:-

You can use Shared Folders to view a summary of connections and resource use for local and remote computers. Shared Folders replaces resource-related components in the Windows NT 4.0 Server Control Panel.

With Shared Folders, you can:

Create, view, and set permissions for shared resources.
View a list of all users who are connected over a network to the computer, and disconnect one or all of them.
View a list of files that have been opened by remote users, and close one or all of the open files.
The subfolders in Shared Folders contain information, arranged in columns, about all the shared resources, sessions, and open files on the computer.

Author Comment

ID: 13625401
 What has your comment got to do with the fact you cannot hide a folder from a user that has no access to it?
LVL 25

Expert Comment

ID: 13625681
it has nothing to do with it,, it is standard practice to leave share permissions to full access for everyone and leave secuirty up to NTFS permissions for 2 reasons:

1.  easier for the admin
2.  NTFS offers alot more granular options than share permissions. In fact the only 3 options w/ share permissions are full change and read.

if the question was "how do you view current shares and/or current connetions?" that answer might have helped, but it does nothing for the problem at hand.

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction Often we come across situations wherein our batch files would be needing to reboot Windows for a variety of reasons. A few of them would be like: (1) Setup files have been updated whose changes can take effect only after a reboot …
Hello I read in a discussion about a person who configured a very simple mirror RAID with two hard drives; the system and data were on the same partition. He asked how to repair the system as it was not booting up anymore. In his case running …
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…
Hi friends,  in this video  I'll show you how new windows 10 user can learn the using of windows 10. Thank you.
Suggested Courses

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question