How to make folders viewable but not accessable on a windows 2008 shared folder

     I have a shared folder that all domain users can access. Some of these folders should not be accessable to some users. They can see the folder but if they click on it it should give them access denied error.
Now I tried everyhting when looking at the security tab in the folder proreties but I can't find away to view the folder but have the access denied. I have the same setup on a 2003 server with no issues what so ever.
So let's say we have a folder in the share called staff, when a user click on the folder , we can see many sub folders each with a staff name, only the staff with permission can access their own folders. If they click on other folder, then they get access denied.
Any idea how to do this?
Who is Participating?
On the 2008 box, can you right-click the 'staff' directory, do Properties and then to Security, Advanced, and click the Effective Permissions tabs.  Pick one of your users, and see what the output is.  Does it match the following?

* Traverse folder / execute file
* List folder / read data
* Read attributes
* Read extended attributes
* Create files / write data
* Create folders / append data
* Read permissions

I've set up a simple domain with a 2k3 and 2k8 server and set up a replica of your file share and haven't been able to replicate the issue.  It may also be worth setting up your own replica, setting your permissions as you normally would, and see if the problem persists.  It only takes one funky permission somewhere to throw the whole thing out of what.  If you do that and don't have the issue, try then setting up the replication on that replica that you've made.  If you start seeing the problem again, perhaps the replication process is messing with the permissions.
Can you give me a run down of how the permissions are set currently (share level, root folder level, and 'secured' folder level)?

All you should have to do to make the subfolder visible but not accessible is remove everyone but the user(s) you want to access the folder from the Security tab.

What is currently happening?  They aren't even able to see them?

And just curious, what's the logic for allowing them to see the folder but not access it?  Why not just keep it totally hidden if they have no rights to it?
andy98Author Commented:
Ok, here is the run down

Shared folder (admin has fiull right, domain users has read and execute, list folder content and read)
All sunfolder inherit from the parent folder
subfolders are
- accounting
- communications
- Finance
- IT
- Management
- Staff

So when you click on Finance, you should get access denied unless you are from the finance group.
When you click on staff, then you can see all folders there but can only access yours.

As for the logic, we have a 2003 file server that is mirrored to a 2008 server. We use XP pro machines to access these servers.
When you use the 2003 server and click on the staff folder you see all the folders under staff but can only access yours.
When you use the 2008 server and click on the staff folder, you see only your folder.
I'm just trying to be consistent and want to know why is this happening only for 2008.
Thanks, I really appreciate it
WEBINAR: 10 Easy Ways to Lose a Password

Join us on June 27th at 8 am PDT to learn about the methods that hackers use to lift real, working credentials from even the most security-savvy employees. We'll cover the importance of multi-factor authentication and how these solutions can better protect your business!

How are you doing your mirroring?  DFS?  And if so, are users connecting to the DFS root, or to each server individually?
andy98Author Commented:
3rd party realtime file replication  software. We just replaced a 2003 server at location B with a 2008 server.
Location A still uses 2003 server.
OK.  On the share, when you say admin has full rights, that's at the share level?  And domain users have read and execute at the share level?  What do the security permissions look like on that root folder?

I'll fire up a couple of VMs here and see if I can replicate your issue.
andy98Author Commented:
Yes the admin has full rights to the share and all sub folders under the share. All folders under the share are supposed to inherit the rights from the share except when when we need to secure some folders, then we remove the domain users access and just give either read or full rights to certain users.
The rights on the mirrored folders are exactly the same but when the the user open the share from the 2008 server, they don't see the folders they don't have access to. When opening the share from the 2003 server, they see all the folders but when they click on a folder they don't have access to, they get an error message saying folder is not accessible.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.