Solved

Can only access shared files from My Documents not by path name

Posted on 2010-09-20
6
251 Views
Last Modified: 2012-05-10
I shared out a users (user1) folder to another user (user2) and it shows up in user2's "My Documents" folder.  However, if i try to access it by drilling down from My Network Places to the original user's (user1) shared folder logged in as user2, I get an access denied error although they have full access to that folder.

Normally, it wouldn't be an issue, but when you look at the shared folder in the "My Documents" folder on user2's PC, you can't tell where it came from unless you open it up, and then you can see the path.

How can I configure it so that I can "drill down" in user1's home folder to see the shared folder?  If done right, once I access User1's home folder, I should be able to see only the shared folder, so there would be no security problems then.

What I would like to do is map user1's shared folder to the user2's desktop.  I realize that i can just create a shortcut from user2's My Documents and place it on the desktop, but that's not what I'm trying to accomplish.

The server is MS Server Standard 2008R2 and the PC is XP Pro SP3.

Any ideas would be appreciated.

Thanks
0
Comment
Question by:JerryL
6 Comments
 
LVL 31

Expert Comment

by:DrUltima
Comment Utility
In your scenario, are the users mapped as:

\\server\user1 (each user has their own individual share)

or as

\\server\sharehome\user1 (there is one share under which each user has a folder to access)

?

At what point in the "drill down" do you get the error?
0
 
LVL 28

Expert Comment

by:burrcm
Comment Utility
There must be at least read access to the containing folder or you cannot drill to the shared folder. My Documents is not the correct place to place a shared folder, you would normally setup a shared structure/drive from C: called Users or whatever, and provide individual shares below that. The Uers folder is readable by all and all can see the users personal folders, but only the authorized users can access the personal folders. A group shared folder can be here, accessible to all.

Chris B
0
 

Author Comment

by:JerryL
Comment Utility
Thanks for the responses.

Burrcm:  I shared out the folder as you mentioned and it did work. However, it wouldn't work if i just shared out the parent folder.  I had to share out the users' Documents folder at the top in order to stop getting the message.  The folder that I wanted to share out is two or three layers down.  Even though it did work,  the user who it is shared out to can see the other folders and files in the Documents folder, and they have no need to see what is there or access any of it.  Even though they can't open the other files up, I'd perfer if they didn't see them at all.  Is there a way to share out the required subfolders without them being able to see the other contents?

Thanks
0
 
LVL 31

Accepted Solution

by:
DrUltima earned 500 total points
Comment Utility
You have two choices:
  1. You can use Access Based Enumeration.  In this methodology, you would still share out the "Users" folder, but each user would only see subfolders to which he/she has access.  For more info on that, check this article: http://www.microsoft.com/windowsserver2003/techinfo/overview/abe.mspx
  2. You can share the exact sub-folder you want accessed.  Share it out as "Everyone Full" on the share permissions and use NTFS file level permissions to control account access.
From an administrative standpoint, here are your pros and cons:
  1. With ABE, you don't have the royal pain in the butt of shares inside of shares.  In my experience this can cause angst in administration as it grows.  However, if the folder required is three levels deep, the user would need at least read/list access to the first two levels to get to the third level.
  2. With a deep level share, you have the advantage of not having to grant permissions to items you don't want seen.  The user would be linked at a root level of the folder you want the user to access.  However, it becomes more and more difficult to manage as this type of scenario grows.
If it were my server, I would use ABE and not have deep level shared folders.

Justin
0
 
LVL 68

Expert Comment

by:Qlemo
Comment Utility
This question has been classified as abandoned and is being closed as part of the Cleanup Program.  See my comment at the end of the question for more details.
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
A procedure for exporting installed hotfix details of remote computers using powershell
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now