?
Solved

Deny read permission in Active Directory

Posted on 2008-02-06
6
Medium Priority
?
816 Views
Last Modified: 2008-05-31
We have a few users that logs in through RRAS VPN and then maps a network drive to a specific folder; however, when I was testing their access rights I notice I can see the other shared folders.  How can I limit their read access to that one specific folder and nothing else?
0
Comment
Question by:randy915
6 Comments
 
LVL 20

Expert Comment

by:jdera
ID: 20835290
Deny permissions on the other folders.
0
 
LVL 6

Expert Comment

by:dianthonym
ID: 20835403
right click the folder then select properties.
click on the sharing tab and then click the permisiions button.
uncheck the "read" box and click ok all the way out.  

That should do the trick.  

Hope this helps
0
 
LVL 19

Expert Comment

by:aissim
ID: 20835865
Do you mean you don't want them to see the contents of those other shares; or you don't want those shares to even be visible?
0
Free tool for managing users' photos in Office 365

Easily upload multiple users’ photos to Office 365. Manage them with an intuitive GUI and use handy built-in cropping and resizing options. Link photos with users based on Azure AD attributes. Free tool!

 
LVL 1

Author Comment

by:randy915
ID: 20835874
Not working... -_-?

Let's just say if I have 3 folders:
E:\bits
E:\backup
E:\data

and I want to the VPN users to only see the \data\ folder.  I right-click on \data\, choose Sharing and Security then click Permissions under the Sharing tab.  I have domain admin with full control and one of the VPN user accounts with Deny on all 3 checkboxes.  I tested his account and I'm still able to see the other 2 folders.

I even went into the Security tab and added the VPN user then denied all boxes.  Am I missing something?  I thought Deny takes precedent over all other permissions.  What about permission inheritence?  Are the folders inheriting some other permission from the root E:\ permission?
0
 
LVL 1

Author Comment

by:randy915
ID: 20835884
I'm sorry, I meant to say do those steps to the bits and backup folder.
0
 
LVL 19

Accepted Solution

by:
aissim earned 500 total points
ID: 20835911
Check out the Windows Access Based Enumeration:
http://www.microsoft.com/downloads/details.aspx?FamilyId=04A563D9-78D9-4342-A485-B030AC442084&displaylang=en

It's a very light, quick, install for the server that makes it so if a user has been denied permissions to a shared folder(s) - those folders aren't even visible to that end user.
0

Featured Post

Free tool for managing users' photos in Office 365

Easily upload multiple users’ photos to Office 365. Manage them with an intuitive GUI and use handy built-in cropping and resizing options. Link photos with users based on Azure AD attributes. Free tool!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
Scripts are great for performing batch jobs against users, however sometimes the GUI is all you need.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
Suggested Courses

601 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question