Marka Mekapse
asked on
File sharing on windows server 2003
ok, i feel like this is an easy one but i am having a problem with this.
i created a file server that has several shares, i have created several groups that will access these shares. my question is how can i make these shares invisible to everyone else with respect to the account logged in.
i.e. i log in and want to only see what i have access.
thanks
i created a file server that has several shares, i have created several groups that will access these shares. my question is how can i make these shares invisible to everyone else with respect to the account logged in.
i.e. i log in and want to only see what i have access.
thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
lee
this sounds like a viable option and the least destructive on permissions - now i have not tested this theory but if i added for example \\server\share$ into a login script for a specific group it would map that drive making all subfolders visible. right?
this sounds like a viable option and the least destructive on permissions - now i have not tested this theory but if i added for example \\server\share$ into a login script for a specific group it would map that drive making all subfolders visible. right?
The only difference between
\\server\share
and
\\server\share$
is that when you view
\\server
the share is not displayed in the view of the server resources.
As for permissions, it's an entirely NEW share - you can't simply change the share name. If you set Share permissions, they are effectively gone. If you use NTFS permissions, there is ABSOLUTELY NO EFFECT on permissions (this is one of the reasons I almost NEVER set share level permissions. NTFS permissions are granular and not affected by share permissions; when I do set share permissions, it's either Read Only or FULL ACCESS - and that's typically for admins vs. everyone else).
\\server\share
and
\\server\share$
is that when you view
\\server
the share is not displayed in the view of the server resources.
As for permissions, it's an entirely NEW share - you can't simply change the share name. If you set Share permissions, they are effectively gone. If you use NTFS permissions, there is ABSOLUTELY NO EFFECT on permissions (this is one of the reasons I almost NEVER set share level permissions. NTFS permissions are granular and not affected by share permissions; when I do set share permissions, it's either Read Only or FULL ACCESS - and that's typically for admins vs. everyone else).
if you make an administratice share ($ suffix) it will be invisible to everyone.
two possibilities here.
1. create separate folders for each 'display group' and put links to the shares in there. this would involve a lot of administrative overhead, since each possible group combination has to be taken into account.
2. do the same thing except with DFS.
there really is no solution to what you are asking i think.
two possibilities here.
1. create separate folders for each 'display group' and put links to the shares in there. this would involve a lot of administrative overhead, since each possible group combination has to be taken into account.
2. do the same thing except with DFS.
there really is no solution to what you are asking i think.
The $ sign is one option. Also there is a tool called Access Based Enumeration where the share will be invisible to everyone except those that have permissions to it.
http://technet.microsoft.com/en-us/library/cc784710(WS.10).aspx
"Access-based Enumeration is a new feature included with Windows Server 2003 Service Pack 1. This feature allows users of Windows Server 2003–based file servers to list only the files and folders to which they have access when browsing content on the file server. This eliminates user confusion that can be caused when users connect to a file server and encounter a large number of files and folders that they cannot access."
Either using $ sign or ABE will work for you.
http://technet.microsoft.com/en-us/library/cc784710(WS.10).aspx
"Access-based Enumeration is a new feature included with Windows Server 2003 Service Pack 1. This feature allows users of Windows Server 2003–based file servers to list only the files and folders to which they have access when browsing content on the file server. This eliminates user confusion that can be caused when users connect to a file server and encounter a large number of files and folders that they cannot access."
Either using $ sign or ABE will work for you.
either that or just create separate DFS roots... imo DFS is the way to go,lol $.. funny hacks.
on the parent folder where the share is located ie: (parentfolder/sharename). set 'users' to have only read rights 'for this folder only' in ntfs permissions. on the sharename set whatever permissions on groups.
they wont be invisibile, but they will be inaccesible.