Solved

disallow browsing on network share

Posted on 2011-03-17
5
353 Views
Last Modified: 2012-08-13
I need to set up network share accessible by security group with the following criteria.
1. User's can't browse it
2. Users can open any document if they know exact path.

Network share is on Windows 2008 R2 standard server.

Thank you
0
Comment
Question by:Coffinated
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
5 Comments
 
LVL 11

Expert Comment

by:slemmesmi
ID: 35159135
Dear Coffinated,

you'll need to deny "List folder contents" on the top folder of the share and all folders below this, for the group you want to (only) allow to do '2'.

Kind regards,
Soren
0
 
LVL 11

Expert Comment

by:slemmesmi
ID: 35159137
Dear Coffinated,

sorry - forgot to mention that "Everyone" should have no permissions at all on the top folder, but have "Full Control" on the share itself.

Kind regards,
Soren
0
 
LVL 5

Author Comment

by:Coffinated
ID: 35159276
Let's say I have the following folder structure:
D:\share\folder1 & folder2

perms for "share"
share: everyone full control
security: group1 special access:
DENY: List folder/read data
ALLOW: Everything but Full access and list folder.

Effective permissions do show lack of full control and list folder data, yet users from group1 can't open a file \\share\folder1\test.txt

Include inheritable perms from parent object is disabled.
0
 
LVL 39

Expert Comment

by:ChiefIT
ID: 35163022
Give them any permissions you want to> But, make the share folder a hidden share (give it the hidden attribute). Giving the share the hidden attribute will not send out the netbios broadcast to all users.

There is an alternative. You can install and configure Access Based Enumeration. This ONLY allows people who have access to the share to see it in network places. The signifigance is people don't need to know the path, necessarily. But, only people with the right permissions can see it.
0
 
LVL 11

Accepted Solution

by:
slemmesmi earned 500 total points
ID: 35163172
Dear Coffinated,

I am not sure which permission you refer to in your sentence about "group1" "DENY: List folder/read data" - can you elaborate on the "/read data" part - exactly which permission do you refer to by "read data" being denied?

On folder permissions:
"group1" must have been allowed "Read&Execute" as well as "Read" on the folder (and contained objects).
"group1" must be denied "List folder contents"
"group1" should not be allowed/denied any other permissions.

Could you eventually make a few screen shots of the permissions you have set on the folder for the "\\share\folder1\test.txt" as well as for the specific file, and post these here please?

It could easily be that the file "test.txt" placed in the folder, did not inherit the permissions from/of the folder (which may be the case when a file is moved into the folder).

@ChiefIT: Making the share hidden, does not prevent users with the knowledge about the share to browse it and ABE still only gives the result with the proper set of permissions set.

Kind regards,
Soren
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
Suggested Courses

628 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question