Windows Server 2008 - File structure problem - folders only show to those with rights to access/modify contents

PAhelptech asked
Medium Priority
Last Modified: 2012-05-11
I am creating a new file structure on Windows Server 2008.

Background Information
I have created a new root folder called "PDrive" and have shared the folder with a share name of "PDrive" and the following permissions have been set:

SYSTEM - full control
Domain Users - Read & execute
Administrators - full control

I have created three sub folders (let's call them Administration, Projects, Shared Resources), all are NOT inheriting rights, but have the same rights as the root folder (this was done via the 'copy' option of the parent folder rights when deselecting 'include inheritable permissions from this object's parent' on the sub folders)

Each of the three sub folders has a number of business unit sub folders.

One of these folders 'Administration' is designed to house restricted sub folders.  One of these subfolders is called "Finance" and has the following permissions:

SYSTEM - full control
Administrators - full control
Finance-grp - modify

You will note that 'Domain Users' do not have any permissions like the root and first level sub folders above.  This is to restrict access to only the 'Finance-grp' and the system/administrators groups for access/backup purposes.

The problem
The "Finance" folder is only visible in the file structure to users of the 'Finance-grp' and system/administrators.  If a non 'Finance-grp' user navigates into the parent folder 'Administration', they do not see the 'Finance' folder.  It is effectively as if it doesn't exist.

I would like the situation (which I am used to), whereby all users can see all folders, but only users with view/modify etc rights can access the said folder "Finance".  Users without rights would get an "access denied" message.

Is this problem something to do with Windows Server 2008 or the way in which I have applied security rights?  How can I rectify this problem?  

I understand that non-allowed users not being able to see the "Finance" folder may provide for added security, however we want all staff to be able to see all folders available through the whole structure (level one and two) regardless of whether or not they actually have access to the folder.  

Interestingly, our existing file server structure works fine on the same Windows 2008 server; however, this was set up some time ago during a SBS2003 to Server 2008 migration, so I am not sure if there is any difference between the two?  Both sets of folders (current and new file structures) are sitting within the 'Company' folder which I understand is a linkback to the SBS2003 days.

Any suggestions or advice are appreciated....
Many thanks


Generally, the following ACL would need to be added to the folders you want the users to see. I believe only the "List folder" one is required, but I'm including all of these as this is what I generally see used.

List folder / read data
Read attributes
Read permissions

This needs to be added on "This folder only" (under the advanced security settings). This should allow the user(s)/group(s) to see the folder and read the basic attributes of it, but will maintain the security of the items within it.


Dear Geowrian,

Thanks for your reply.

I applied the three security options you suggested to "This folder only", however the folder still didn't appear.  I added 'Read extended attributes' to your three and then it did show the folder, however when I double clicked the folder instead of getting "access denied" or similar I got a message within the explorer view of the folder saying "this folder is empty".

I had really hoped for the "access denied" message.  Do you know why this isn't occurring?  I realise the items within are being protected, however a strong blunt "Access denied" is normal to see.  "This folder is empty" is a bit too ambiguous to end users.

Yes I think you will need to give list folder access for them to see the contents.

No problem. Hmm...I'm not getting that on my side, but I'm doing it on server 2003 over here. Maybe somebody with a similar Server 2008 setup can chime in.


Thank you very much tonyperth!

Access-based enumeration was enabled.  I disabled the function following the general gist of the instructions on the link provided, and now all folders are showing to the end users.  If the end user clicks a folder for which they don't have access rights they receive an "Access is Denied" message.
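
An audit related to the behaviour resolved in this thread, added here as an example and not posted by any participant: it reports which subfolders a group such as Domain Users would not see while access-based enumeration is enabled. It assumes ABE lists a folder only when the identity holds the full Read set on the folder itself, which is consistent with the folder appearing only after "Read extended attributes" was added above; the root path is a placeholder, and only direct Allow ACEs for the named identity are counted (nested group membership and Deny ACEs are ignored).

```powershell
# Added example (not from the thread). Reports the subfolders of $Root that
# an identity would NOT see while access-based enumeration (ABE) is enabled.
param(
    [string]$Root     = 'X:\path\to\PDrive\Administration',  # placeholder path (assumption)
    [string]$Identity = '*\Domain Users'                     # wildcard match for DOMAIN\Domain Users
)

$inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly

# Assumption: ABE shows a folder only if the caller holds the whole Read set:
# List folder + Read attributes + Read extended attributes + Read permissions.
$needed = [int][System.Security.AccessControl.FileSystemRights]::Read

Get-ChildItem -Path $Root | Where-Object { $_.PSIsContainer } | ForEach-Object {
    $granted = 0
    foreach ($ace in (Get-Acl -Path $_.FullName).Access) {
        # Count only Allow ACEs for the identity that apply to the folder itself
        # ("This folder only" qualifies; inherit-only ACEs affect children only).
        $applies = ($ace.AccessControlType -eq 'Allow') -and
                   ($ace.IdentityReference.Value -like $Identity) -and
                   (-not ($ace.PropagationFlags -band $inheritOnly))
        if ($applies) { $granted = $granted -bor [int]$ace.FileSystemRights }
    }

    # Bits of the Read set that no matching ACE grants
    $missing = $needed -band (-bnot $granted)
    $missingText = ''
    if ($missing -ne 0) {
        $missingText = [string][System.Security.AccessControl.FileSystemRights]$missing
    }

    New-Object PSObject -Property @{
        Folder        = $_.Name
        VisibleIfABE  = ($missing -eq 0)
        MissingRights = $missingText   # e.g. ReadExtendedAttributes
    }
} | Sort-Object Folder | Format-Table Folder, VisibleIfABE, MissingRights -AutoSize
```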