How to setup NTFS ACL with Acces Based Enumeration
Posted
by
Patrick Pellegrino
on Server Fault
See other posts from Server Fault
or by Patrick Pellegrino
Published on 2012-11-20T22:04:35Z
Indexed on
2012/11/20
23:03 UTC
Read the original article
Hit count: 273
We're in the process of migrating from Novell Netware to Windows 2K8 R2 infrastructure (AD, File server, print server... etc)
My question is about ACL. While Netware and Windows are totally different, I want to be sure my thnking is good before screwing everything up!
There's a scenario :
F:
|
+-- DATA <= Shared as DATA with Access based enumeration
|
+-- Folder 1
+-- Team 1's Folder
+-- Team 2's Folder
...
In that case, by default, rights are herited from the F: to the deepest folders.
What we want :
- Administrators group have full control top - down.
- From DATA, ABE list only folders that users have access. (ex. : I'm in group Team 2, I see Team 2's Folder).
From what I understand, at DATA I remove all NTFS ACL to be herited (ex. Users Group), be sure to keep Administrators Group and SYSTEM user.
After that, grant Full control (or any right needed) on each folder to Groups or Users that have to have access.
Does I'm wrong ? Anything I should take care of ?
Any help to my understanding will be very appreciated.
Regards.
© Server Fault or respective owner