Yes!! About time.
-ASB FAST, CHEAP, SECURE: Pick Any TWO http://www.ultratech-llc.com/KB/ On Mon, 24 Jan 2005 17:59:34 +0100, Grillenmeier, Guido <[EMAIL PROTECTED]> wrote: > problem with this approach is that they don't see anything underneath the > Management share - and since you can only map a single share to a drive > letter, you'd have to introduce multiple mapped drives to achieve this goal, > which is what Windows admins have done all along, e.g. if someone is member > of two of the groups (e.g. write on Sales, but read on Finance...). > > In large environments this becomes rather messy... - thus the new Access > Based Enumeration feature in 2003 SP1. > > /Guido > ________________________________ > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Perdue David J > Contr InDyne/Enterprise IT > Sent: Monday, January 24, 2005 5:23 PM > To: ActiveDir@mail.activedir.org > Subject: RE: [ActiveDir] Hide Subfolders with NTFS Permissions > > You can. You just have to deny them "list folder contents", and they can > not see what's in the folder, that coupled with a denied read should take > care of it. > Personally, I'd create new shares for Sales and Finance and map those > straight to M:. Then map your Management to M: for your respective groups. > > //SIGNED// > ------------------------------------------------ > David J. Perdue > Network Security Engineer, InDyne Inc > Comm: (805) 606-4597 DSN: 276-4597 > ------------------------------------------------ > > ________________________________ > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Noah Eiger > Sent: Monday, January 24, 2005 08:00 AM > To: ActiveDir@mail.activedir.org > Subject: [ActiveDir] Hide Subfolders with NTFS Permissions > > > > Hello all: > > > > Management has requested a NTFS permissions structure that "hides" certain > subfolders. Here's what I want to do: > > > > Folder -> NTFS Permission by Group > > \Management (share) -> Managers > > \ Legal -> (inherited) > > \ HR -> (inherited) > > \ Sales -> Managers and Sales > > \ Finance -> Managers and Bookkeepers > > > > For people in the Managers group, \Management maps as M: and they see and > have access to all subfolders. > > For Sales folks, \Management maps as M: but they only see and have access to > \management\sales > > For Bookkeepers, \Management maps as M: but they only see and have access to > \management\Finance > > > > Is this possible? Or practical? Does this violate some "best practices"? > > > > Thanks. > > > > -- nme List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
