Traverse and Directory Permissions
On one of my servers, I have a "Data" share. "Domain Users" have full access to the share. On the share I have department directories set up. Users are all put into department global group, and each group has full access to the respective department directory. Here's the dilema, and I have searched all over for this one: Each department directory has a "Share". I would like "Domain Users" to have read/write access to each of the department shared, but not see the files or other directories within those departments (with the exception of their own department).
In the following example, I would like the FINANCE global group to have access to \FIN and below, while the Domain Users should have access to the \FIN\SHARED folder, while not seeing any of the files or other folders within \FIN . I would follow this procedure for every department, and then create on \SHARED directory at the root for the entire company to share.
\FIN
\FIN\SHARED
In the Novell world, this was a snap, but I cannot figure this out with Microsoft. How can I accomplish the above without letting everyone see the files within the department directories? I only want them to see the shared directories within other departments. I have looked into "traverse", but that doesn't seem to be it.
In the following example, I would like the FINANCE global group to have access to \FIN and below, while the Domain Users should have access to the \FIN\SHARED folder, while not seeing any of the files or other folders within \FIN . I would follow this procedure for every department, and then create on \SHARED directory at the root for the entire company to share.
\FIN
\FIN\SHARED
In the Novell world, this was a snap, but I cannot figure this out with Microsoft. How can I accomplish the above without letting everyone see the files within the department directories? I only want them to see the shared directories within other departments. I have looked into "traverse", but that doesn't seem to be it.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
ABE is exactly what I was looking for. Not only was it easy enough for me to understand and implement, but my users are thrilled at what they see, and more importantly what they don't have to weed through anymore. THANKS
You can try this, Create a Root folder for share (Eg: USERSDATA) and Select 'Sharing and Security' and in 'Sharing' tab select 'Permissions', then remove Everyone and add Authenticated Users and assign 'Change' & 'Read Permissions'. Now u r finished with sharing the Main Folder.
Now you Create a Folder (Eg:FINANCE) and a subfolder beneath it (Eg:SHARED). Your requirement is that Finance Group People will have full access for both the folders and other Domain Users should be able to Read Write only the Subfolder, to acheive this,
1. Go to properties of FINANCE folder and select Security tab.
2. Go to Advanced and then uncheck "Allow inheritable permissions from the parent...."
3. Now select the Users(Domain\Users) --> Domain Users (if already available, else add it) and click Edit.
4. Select "This Folder Only" & Allow --> List Folder / Read Data option only (deselect other options if selected) and click OK.
5. Now add FINANCE GROUP and give them Full Control for "This Folder, Subfolder and files" and click OK till all the windows are closed.
6. Then go to SHARED folder and repeat step 1 & 2
7. Click on Add and select Users(Domain\Users) and check all permissions except "Full Control, Delete Subfolder and Files, Change Permissions & Take Ownership".
Domain Users will be able to open the main folder (Finance) and can view the folder and files but cannot access it, they can read & write data in the sub folder (Shared).
By all means if you dont want the datas in the main folder to be displayed other than Shared folder, please go ahead with MS Access Based Enumeration tool which has been suggested by oBdA
Regards,
KKVP