Deny read permission in Active Directory

We have a few users that logs in through RRAS VPN and then maps a network drive to a specific folder; however, when I was testing their access rights I notice I can see the other shared folders.  How can I limit their read access to that one specific folder and nothing else?
LVL 1
randy915Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

jderaCommented:
Deny permissions on the other folders.
0
dianthonymCommented:
right click the folder then select properties.
click on the sharing tab and then click the permisiions button.
uncheck the "read" box and click ok all the way out.  

That should do the trick.  

Hope this helps
0
aissimCommented:
Do you mean you don't want them to see the contents of those other shares; or you don't want those shares to even be visible?
0
The Ultimate Tool Kit for Technolgy Solution Provi

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy for valuable how-to assets including sample agreements, checklists, flowcharts, and more!

randy915Author Commented:
Not working... -_-?

Let's just say if I have 3 folders:
E:\bits
E:\backup
E:\data

and I want to the VPN users to only see the \data\ folder.  I right-click on \data\, choose Sharing and Security then click Permissions under the Sharing tab.  I have domain admin with full control and one of the VPN user accounts with Deny on all 3 checkboxes.  I tested his account and I'm still able to see the other 2 folders.

I even went into the Security tab and added the VPN user then denied all boxes.  Am I missing something?  I thought Deny takes precedent over all other permissions.  What about permission inheritence?  Are the folders inheriting some other permission from the root E:\ permission?
0
randy915Author Commented:
I'm sorry, I meant to say do those steps to the bits and backup folder.
0
aissimCommented:
Check out the Windows Access Based Enumeration:
http://www.microsoft.com/downloads/details.aspx?FamilyId=04A563D9-78D9-4342-A485-B030AC442084&displaylang=en

It's a very light, quick, install for the server that makes it so if a user has been denied permissions to a shared folder(s) - those folders aren't even visible to that end user.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.