I have, or so I thought, limited enumeration based on NTFS. The shared folder in question is hung off a server and uses two instances \\server\new shared\ and \\server\newshared\ for the same folder. Note the instance names differ by the presence or lack of a space.
If a user hits the “new shared” with a space, their view is limited based on NTFS perms. Folders to which they have no permission are not seen. However, if a user hits “newshared” with no space, they can see all the folders contained. They are still prevented from accessing the subfolders as they should by NTFS, but now they can see them.
Share level permissions for “New Shared” are, Authenticated Users, domain Users, and Administrators(local) all full control. The share level permissions for “NewShared” are Authenticated Users, Domain Admins, and Domain Users, again all full control.
As the GPO shared drive mapping is through “new shared” I’m probably going to just kill the “newshared” instance, but I would like to understand. The mapping GPO is set to “Run in logged on user’s security context”, Show this drive, show all drives, reconnect, with a designated drive letter mapped to “New Shared”.
Clients are Win7-32. Server is 2008R2 with file server and print server roles.