We help IT Professionals succeed at work.

Share and NTFS permissions in Windows

Medium Priority
90 Views
Last Modified: 2019-11-04
I have a question about shared and NTFS permissions in Windows 2012. I have a main folder called Company and under it I have Accounting and IT. I need user A to have access to Accounting and user B to have access to accounting and IT. I can get everything to work but I need user A to not see the IT drive in the Company folder. I don't know how to do this. All users should only see drives they have access to and not see other drives in the Company folder.
Here is how I have assigned permissions: Company folder Shared with Everyone -Full Permissions and for NTFs permissions Domain Admins -Full , and Domain Users - Read.


Accounting folder has sub folder DEPT- DEPT gets full Admin and then USer A and B gets Modify (NTFS permissions)
Accounting- NTFS permissions- User A and B gets read.

IT folder has sub-folder DEPT- DEPT gets full Admin and then User B gets Modify (NTFS permissions)
IT Folder- NTFS permissions- User B gets read.

Goal is for user A to only see Accounting and it's contents and not see IT. User B should see and access both accounting and IT.
Comment
Watch Question

NVITEnd-user support
CERTIFIED EXPERT

Commented:
What's the Share and Ntfs security settings on the IT folder itself?

Ntfs settings of IT folder should not have Domain Users, Authenticated Users, or Everyone
NVITEnd-user support
CERTIFIED EXPERT

Commented:
Best practice is to put users into groups. Then, give groups ntfs permissions to folders
Sr. Systems Administrator
CERTIFIED EXPERT
Commented:
...but I need user A to not see the IT drive in the Company folder

use access-based enumeration

Access-based enumeration in Windows Server 2012
https://jocha.se/blog/tech/enable-access-based-enumeration-in-windows-server-2012
William FulksIT Services Analyst
CERTIFIED EXPERT

Commented:
If you want them to "not see" a folder then put it elsewhere. Otherwise, it won't really matter if they see it so long as they are denied permission to open it. You're question seems to be more about visibility than access, right?

Author

Commented:
All thanks for all the help but Seth Simmons you hit the nail on the head for me. This is what I was missing. Thank you for the support.

Explore More ContentExplore courses, solutions, and other research materials related to this topic.