Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Sharing folders.. and hiding them!

  • 22-11-2007 12:08pm
    #1
    Registered Users, Registered Users 2 Posts: 5,439 ✭✭✭


    Hi,

    Im trying to find some way of doing the following. Basically I have a shared folder called "DATA" on a Windows 2003 AD server

    Users are mapped to "DATA". There are folders within DATA called 123, ABC and XYZ

    A user called Mary has only access to the folder 123 but this is my question.. Is there a way of hiding the two other folders ABC and XYZ from Mary as she has no access to them and there is no point in showing them to her. I basically want her to see DATA and when she clicks into it, she only sees the folder 123 and nothing else.

    Any ideas how this can be done? The server is Windows 2003 Server

    Thanks ;)


Comments

  • Registered Users, Registered Users 2 Posts: 68,317 ✭✭✭✭seamus


    I don't think this is technically possible - there will always be some way around it.

    The only real options you have are:

    1. Map Mary directly to the 123 folder. A tech-savvy user could work their way back, but what you can do is remove her permission to the DATA folder, break inheritence on the 123 folder and give her access to that folder. This means that she can access \\myserver\DATA\123\, but if she tries to access \\myserver\DATA\, she'll get access denied.

    2. Move the ABC and XYZ folders out of DATA, into a new folder (say called "Management"), and don't give Mary access to that folder.


  • Closed Accounts Posts: 1,650 ✭✭✭shayser


    Would it be any good sharing the subfolders instead and appending "$"?


  • Moderators, Recreation & Hobbies Moderators, Science, Health & Environment Moderators, Technology & Internet Moderators Posts: 93,596 Mod ✭✭✭✭Capt'n Midnight


    windows 2003 has a new feature that only shows users folders they have permissions to access
    can't remember the name off hand

    i find the way folders inherit permissions to be a real PITA for stuff like this :mad::mad:


  • Closed Accounts Posts: 1,974 ✭✭✭mick.fr


    seamus wrote: »
    I don't think this is technically possible - there will always be some way around it.

    The only real options you have are:

    1. Map Mary directly to the 123 folder. A tech-savvy user could work their way back, but what you can do is remove her permission to the DATA folder, break inheritence on the 123 folder and give her access to that folder. This means that she can access \\myserver\DATA\123\, but if she tries to access \\myserver\DATA\, she'll get access denied.

    2. Move the ABC and XYZ folders out of DATA, into a new folder (say called "Management"), and don't give Mary access to that folder.

    Well you gave the solution :-) with the point 1
    Forget about the point 2, because as Seamus said other users won't even be able to list the root folder if you remove the "list folders" permissions at the root level (\\server\data)


  • Registered Users, Registered Users 2 Posts: 68,317 ✭✭✭✭seamus


    shayser wrote: »
    Would it be any good sharing the subfolders instead and appending "$"?
    While none of what I say here will probably apply to ando's environment, there are a couple of best practice things that you should/shouldn't do with Windows sharing:

    Don't use the "$" symbol as security on your shares. Only Windows machines will comply and not display these shares. If someone connects with a Samba client, for example, they will see all of your administrative shares. You should secure these shares with the necessary permissions and then use the $ symbol as a note to yourself and your other administrators that these are administrative shares.

    You should also avoid nesting shares wherever possible. So if \\server\DATA is shared, try to avoid creating a share on \\server\DATA\depts\Department1. From an administrative POV, it can be a PITA if someone says they're accessing Y share and it takes you ten minutes to figure out that Y share is also a subfolder of X share.


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 5,439 ✭✭✭ando


    windows 2003 has a new feature that only shows users folders they have permissions to access
    can't remember the name off hand

    i find the way folders inherit permissions to be a real PITA for stuff like this :mad::mad:


    thanks everyone for your help. I found what you are talking about Cpt Midnight.. Its called Access-based Enumeration on Windows 2003 SP1 ;) It does exactly what im after ;)


Advertisement