Solved

List folder/Read data & Traverse folder/Execute file rights

Posted on 2014-01-29
2
961 Views
Last Modified: 2014-01-29
Hello,

I have a Server 2012 DC for a customer providing network shares. ABE is enabled on the shares.

I have setup the group policy to allow access to folder 1, 2, 3 for team members.
Team members have modify rights on folders 1, 2, 3 with explicit deny on 4 & 5

I have setup the group policy to allow access to folder 1, 2, 3, 4, 5 for team leaders.
Team leaders have modify rights on folders 1-5

I have setup the group policy to allow access to folder 2 for volunteers.
Volunteers have traverse folder and list folder on the root share folder and modify rights on folder 2.

When I map the drive as volunteer I am correctly displayed the folder 2 and its subsequent sub folders.
The above is setup and works fine.

The odd behavior starts when I've tried to allow volunteers access to folder 3.2 & 3.3 and their subsequent subfolders.

I've given the volunteers traverse and list folder rights to folder 3 and given them modify rights on folder 3.2 and 3.3
I would've expected this to give me folder 3 when the share is connected with only 3.2 and 3.3 displayed but it hasn't.
I can however connect to folder 3.2 and 3.3 directly but cannot traverse 3 to get to them.

Example:
Share
> 1
> 2
-> 2.1
-> 2.2
> 3
-> 3.1
-> 3.2
-->3.2.1
-->3.2.2
-> 3.3
--> 3.3.1
--> 3.3.2
--> 3.3.3
-> 3.4
> 4
> 5


What am I missing?
0
Comment
Question by:purpleoak
  • 2
2 Comments
 
LVL 2

Accepted Solution

by:
purpleoak earned 0 total points
ID: 39818303
Found the solution by doing the following:

volunteers given read for this folder only on 3
volunteers given traverse and list for this folder, subfolders and files on 3
volunteers given full control to folders 3.2 and 3.3
0
 
LVL 2

Author Closing Comment

by:purpleoak
ID: 39818307
found the answer myself by testing thoroughly on my server locally
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

Healthcare organizations in the United States must adhere to the guidance of both the HIPAA (Health Insurance Portability and Accountability Act) and HITECH (Health Information Technology for Economic and Clinical Health Act) for securing and protec…
It’s a strangely common occurrence that when you send someone their login details for a system, they can’t get in. This article will help you understand why it happens, and what you can do about it.
In this Micro Tutorial viewers will learn how they can get their files copied out from their unbootable system without need to use recovery services. As an example non-bootable Windows 2012R2 installation is used which has boot problems.
This tutorial will walk an individual through the process of installing of Data Protection Manager on a server running Windows Server 2012 R2, including the prerequisites. Microsoft .Net 3.5 is required. To install this feature, go to Server Manager…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now