File sharing on windows server 2003

ok, i feel like this is an easy one but i am having a problem with this.

i created a file server that has several shares, i have created several groups that will access these shares.  my question is how can i make these shares invisible to everyone else with respect to the account logged in.

i.e. i log in and want to only see what i have access.

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Lee W, MVPTechnology and Business Process AdvisorCommented:
I'm quite sure if this is what you're asking, but the only way to make a share "invisible" - that is, when you browse the server's name, you don't see it listed in the available shares - is to append a dollar sign - $ - to it's name.  For example:

\\Server\Share   <- is browseable by anyone looking at the server from the network
\\server\share$   <- is NOT browsable by anyone looking at the server from the network. (You have to know the share is there or you don't get access.

Other than that, you cannot hide the share.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
you don't need to make them invisible. set the share permission to everyone 'read and change'

on the parent folder where the share is located ie: (parentfolder/sharename). set 'users' to have only read rights 'for this folder only' in ntfs permissions. on the sharename set whatever permissions on groups.

they wont be invisibile, but they will be inaccesible.

johnkesoglouAuthor Commented:

this sounds like a viable option and the least destructive on permissions - now i have not tested this theory but if i added for example \\server\share$  into a login script for a specific group it would map that drive making all subfolders visible.  right?  

Cloud Class® Course: Microsoft Office 2010

This course will introduce you to the interfaces and features of Microsoft Office 2010 Word, Excel, PowerPoint, Outlook, and Access. You will learn about the features that are shared between all products in the Office suite, as well as the new features that are product specific.

Lee W, MVPTechnology and Business Process AdvisorCommented:
The only difference between


is that when you view

the share is not displayed in the view of the server resources.

As for permissions, it's an entirely NEW share - you can't simply change the share name.  If you set Share permissions, they are effectively gone.  If you use NTFS permissions, there is ABSOLUTELY NO EFFECT on permissions (this is one of the reasons I almost NEVER set share level permissions.  NTFS permissions are granular and not affected by share permissions; when I do set share permissions, it's either Read Only or FULL ACCESS - and that's typically for admins vs. everyone else).
if you make an administratice share ($ suffix) it will be invisible to everyone.

two possibilities here.

1. create separate folders for each 'display group' and put links to the shares in there. this would involve a lot of administrative overhead, since each possible group combination has to be taken into account.

2. do the same thing except with DFS.

there really is no solution to what you are asking i think.
The $ sign is one option. Also there is a tool called Access Based Enumeration where the share will be invisible to everyone except those that have permissions to it.

"Access-based Enumeration is a new feature included with Windows Server 2003 Service Pack 1. This feature allows users of Windows Server 2003–based file servers to list only the files and folders to which they have access when browsing content on the file server. This eliminates user confusion that can be caused when users connect to a file server and encounter a large number of files and folders that they cannot access."

Either using $ sign or ABE will work for you.

either that or just create separate DFS roots... imo DFS is the way to go,lol $.. funny hacks.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2003

From novice to tech pro — start learning today.