Hiding subfolders from users with Windows Server security
Posted
by
Frans
on Server Fault
See other posts from Server Fault
or by Frans
Published on 2009-10-01T14:26:20Z
Indexed on
2012/03/28
17:33 UTC
Read the original article
Hit count: 311
Using Windows Server 2008.
I would like to allow all users to map to a common network drive and be able to browse it. But, I only want them to be able to see the subfolders they actually have access rights to.
Is this doable?
Example
I have a share with two folders on it;
\\domain\share\FolderA
\\domain\share\FolderB
With three different security groups, I would like to map a network drive for all three to \\domain\share.
However, for group1, I want them to only be able to see FolderA, group2 should only see FolderB and group3 should see both.
I am not just talking about denying access to the actual folder, which is easy enough, I don't want the user to even be able to see that the folder exists.
In other words, when group 1 logs in and do "dir n:\" they should see
N:\FolderA
When group 2 logs in, they should see
N:\FolderB
and when group 3 logs in they should see
N:\Folder A
N:\Folder B
My half-baked solution
If I completely block access to the root then I can't map a drive to it. I can give everyone the traverse right which then allows the user to map a drive. However, if a member of group1 or group2 tries to go to "N:\" they get an access denied error. If they go to N:\FolderA (for group1) then it works.
So, that sort of works, but it would be nicer if the user could actually browse to N:\ and just only see the subfolders they have access to.
I am pretty sure I have seen this done but not sure how to do it myself. Any advice would be greatly appreciated.
© Server Fault or respective owner