How to make folders viewable but not accessible on a Windows 2008 shared folder

I have a shared folder that all domain users can access. Some of these folders should not be accessible to some users. They can see the folder, but if they click on it, it should give them an access denied error.
Now I tried everything when looking at the Security tab in the folder properties, but I can't find a way to view the folder but have the access denied. I have the same setup on a 2003 server with no issues whatsoever.
So let's say we have a folder in the share called staff. When a user clicks on the folder, we can see many subfolders, each with a staff name, and only the staff with permission can access their own folders. If they click on another folder, then they get access denied.
Any idea how to do this?

Can you give me a run down of how the permissions are set currently (share level, root folder level, and 'secured' folder level)?

All you should have to do to make the subfolder visible but not accessible is remove everyone but the user(s) you want to access the folder from the Security tab.

What is currently happening?  They aren't even able to see them?

And just curious, what's the logic for allowing them to see the folder but not access it?  Why not just keep it totally hidden if they have no rights to it?
andy98 (Author) commented:
Ok, here is the run down

Shared folder (admin has full rights, domain users have read and execute, list folder content and read)
All subfolders inherit from the parent folder
subfolders are
- accounting
- communications
- Finance
- IT
- Management
- Staff

So when you click on Finance, you should get access denied unless you are from the finance group.
When you click on staff, then you can see all folders there but can only access yours.

As for the logic, we have a 2003 file server that is mirrored to a 2008 server. We use XP pro machines to access these servers.
When you use the 2003 server and click on the staff folder you see all the folders under staff but can only access yours.
When you use the 2008 server and click on the staff folder, you see only your folder.
I'm just trying to be consistent and want to know why is this happening only for 2008.
Thanks, I really appreciate it
How are you doing your mirroring?  DFS?  And if so, are users connecting to the DFS root, or to each server individually?

andy98 (Author) commented:
3rd party realtime file replication software. We just replaced a 2003 server at location B with a 2008 server.
Location A still uses 2003 server.
OK.  On the share, when you say admin has full rights, that's at the share level?  And domain users have read and execute at the share level?  What do the security permissions look like on that root folder?

I'll fire up a couple of VMs here and see if I can replicate your issue.
andy98 (Author) commented:
Yes, the admin has full rights to the share and all subfolders under the share. All folders under the share are supposed to inherit the rights from the share, except when we need to secure some folders; then we remove the domain users' access and just give either read or full rights to certain users.
The rights on the mirrored folders are exactly the same, but when the user opens the share from the 2008 server, they don't see the folders they don't have access to. When opening the share from the 2003 server, they see all the folders, but when they click on a folder they don't have access to, they get an error message saying the folder is not accessible.
On the 2008 box, can you right-click the 'staff' directory, do Properties and then go to Security, Advanced, and click the Effective Permissions tab.  Pick one of your users, and see what the output is.  Does it match the following?

* Traverse folder / execute file
* List folder / read data
* Read attributes
* Read extended attributes
* Create files / write data
* Create folders / append data
* Read permissions

I've set up a simple domain with a 2k3 and 2k8 server and set up a replica of your file share and haven't been able to replicate the issue.  It may also be worth setting up your own replica, setting your permissions as you normally would, and seeing if the problem persists.  It only takes one funky permission somewhere to throw the whole thing out of whack.  If you do that and don't have the issue, try then setting up the replication on that replica that you've made.  If you start seeing the problem again, perhaps the replication process is messing with the permissions.
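
An added example, not part of the original answer: one way to check whether the replication changed any permission is to dump the NTFS ACLs of the share root and its first two folder levels on both servers and list the folders whose entries differ. The server names and the `Get-FolderAclMap` helper are hypothetical placeholders, and the script assumes it is run by an account that can read permissions on both copies.

```powershell
# Added example. The two UNC paths are placeholders for the 2003 and 2008 copies.
param(
    [string]$ReferenceRoot  = '\\OLD-2003-SERVER\Share',
    [string]$DifferenceRoot = '\\NEW-2008-SERVER\Share'
)

# Hypothetical helper: returns a hashtable of relative folder path -> sorted ACE list.
function Get-FolderAclMap {
    param([string]$Root)
    $Root = $Root.TrimEnd('\')
    $map  = @{}
    # Share root, its subfolders (Finance, Staff, ...) and one level below (Staff\<name>).
    $top     = @(Get-ChildItem -LiteralPath $Root | Where-Object { $_.PSIsContainer })
    $second  = @($top | ForEach-Object {
                    Get-ChildItem -LiteralPath $_.FullName -ErrorAction SilentlyContinue
                } | Where-Object { $_.PSIsContainer })
    $folders = @(Get-Item -LiteralPath $Root) + $top + $second
    foreach ($f in $folders) {
        $rel = $f.FullName.Substring($Root.Length)
        if (-not $rel) { $rel = '\' }
        try {
            $acl  = Get-Acl -Path $f.FullName -ErrorAction Stop
            # One line per ACE, sorted so that entry order does not count as a difference.
            $aces = $acl.Access | ForEach-Object {
                '{0} {1} {2} inherited={3}' -f $_.IdentityReference,
                    $_.AccessControlType, $_.FileSystemRights, $_.IsInherited
            } | Sort-Object
            $map[$rel] = ($aces -join '; ')
        } catch {
            $map[$rel] = "UNREADABLE: $($_.Exception.Message)"
        }
    }
    $map
}

$ref = Get-FolderAclMap $ReferenceRoot
$dif = Get-FolderAclMap $DifferenceRoot

# Emit one object per folder that is missing on one side or whose ACEs differ.
foreach ($key in (@($ref.Keys) + @($dif.Keys) | Sort-Object -Unique)) {
    if ($ref[$key] -ne $dif[$key]) {
        New-Object PSObject -Property @{
            Folder     = $key
            Server2003 = $ref[$key]
            Server2008 = $dif[$key]
        }
    }
}
```

Entries for local or BUILTIN accounts can show up as differences simply because they resolve per server; differences in domain users or groups are the ones to look at first.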
