Solved

Folder Sharing Windows 2003 - sub folder permissions

Posted on 2013-12-20
9
130 Views
Last Modified: 2015-02-17
I have a top level folder in a file share (call it my D: drive)
In the D: drive my users see a folder called Test.
and in the folder Test there are 2 more folders called A and B
My Question:
How to I grant a Domain user the permission to go into Test but only see folder A and NOT see Folder B
I know how to make it so they can't access Folder B but how do I do my settings in Windows 2003 so they can not SEE Folder B?
Thanks!
0
Comment
Question by:Fragclub27
9 Comments
 
LVL 15

Expert Comment

by:weinberk
Comment Utility
I don't think this can be done unless you remove "list folder / read data" rights, but that would make it so that files can't be listed either...

I'd suggest, if your scenario works swapping the hierarchy.  Have the the files that users need access to be a subfolder of a folder that only select users can see.   Essentially setup multiple shares and have no private data be in a subfolder of a less restricted share.

Remember that you can always create shortcuts in shares to other shares, so having multiple shares should be a option as well, like this:

d:
    shareforfullaccess
         link to FolderA
         link to FolderB
    share restricted
         linktofolderA

    folder A
    Folder B

Hope this helps.
0
 
LVL 26

Expert Comment

by:pony10us
Comment Utility
Remove share to "Test"
Add a share to "Folder A"
Add a share to "Folder B"

Set permissions to the "Folder A" for Domain User(s)

They won't be able to access "Test" since it isn't a share and therfore they won't see "Folder B".
They won't actually see "Folder A" because it will be treated as a root folder using this method.
0
 
LVL 1

Author Comment

by:Fragclub27
Comment Utility
Removing share is not an option
Perhaps it is not doable in a simple way
0
 
LVL 26

Expert Comment

by:pony10us
Comment Utility
Are you using DFS?  If so then take a look at Access Based Enumeration:  

http://support.microsoft.com/kb/961658

EDIT:  Nevermind.  I just read again that you are using 2003 and this would apply to 2008.
0
What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

 
LVL 20

Expert Comment

by:Lazarus
Comment Utility
You need Win Server 2003 R2 or SP1 to be able to use it.

Use ABE for Windows Server 2003 - http://www.microsoft.com/en-us/download/details.aspx?id=17510 This is Access-based Enumeration. This will accomplish what you want.

A How-To for implementation: http://www.windowsnetworking.com/articles-tutorials/windows-2003/Implementing-Access-Based-Enumeration-Windows-Server-2003.html
0
 
LVL 1

Author Comment

by:Fragclub27
Comment Utility
I've requested that this question be deleted for the following reason:

Old
0
 
LVL 26

Expert Comment

by:pony10us
Comment Utility
I think some recognition of the solution and if any of the offered assistance was helpful or not should be included in the reason for requesting the deletion instead of simply stating "Old". There was no acknowledgement to the last 2 experts suggestions.

I do agree that this is old (over a year so I am surprised that it has escaped cleanup).
0
 
LVL 1

Accepted Solution

by:
Fragclub27 earned 0 total points
Comment Utility
Solved it by using This Folder Only permissions when assigning rights
Thanks,
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Have you considered what group policies are backwards and forwards compatible? Windows Active Directory servers and clients use group policy templates to deploy sets of policies within your domain. But, there is a catch to deploying policies. The…
Remote Apps is a feature in server 2008 which allows users to run applications off Remote Desktop Servers without having to log into them to run the applications.  The user can either have a desktop shortcut installed or go through the web portal to…
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now