I got it, but I'm not sure it's the "correct" way. Here's what I did:

- Provision the top level share
- set ntfs perms to "list folder contents" for authenticated users and admins have full control
- set share perms to "change, read" for authenticated users and admins have full control
- on the sub folders, I set the appropriate AD group to have appropriate perms

So now the folders can be seen but the contents not.

>>> "Glen Johnson" <gjohn...@vhcc.edu> 5/19/2009 3:53 PM >>>

Since you are on Server 2008, check out access based enumeration. ABE, enable that and if a user doesn't have access to a folder, they can't even see it. Pretty handy for testing too. Create a test user, put them in one group, log in as test user and browse around to see what you can find. Can you access locations you shouldn't be able to access? Found about 4 users' home folders with incorrect permissions in 10 seconds flat using my test user account.

From: Tom Miller [mailto:tmil...@hnncsb.org]
Sent: Tuesday, May 19, 2009 3:08 PM
To: NT System Admin Issues
Subject: Best way to set share permissions?

Brain cramp here.......

I have a top level share called "Data", under which my various departments have their folders. I provide perms to the sub-folders based on AD Groups. I have the logon script set to map a drive to server\data. I don't mind that anyone can see all the folders under "data", but I want to be sure only the user with access to data\folder1 cannot open files under data\folder2. I'm new to file and print under Windows (2008), please pardon my ignorance.

Tom

Confidentiality Notice: This e-mail message, including attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure, or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message.
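
An ACL audit in the spirit of the test-user check described in the thread, added here as an example and not written by any poster: it walks each first-level folder under the share root and reports Allow entries that give broad principals more than list access, or that files inherit. The path `D:\Data`, the list of broad principals and the function name `Get-BroadAceFinding` are assumptions.

```powershell
# Added example (not from the thread). Assumed names: D:\Data as the local
# path behind the "Data" share, the $broad list, and Get-BroadAceFinding.
param([string]$Root = 'D:\Data')

# Principals that should be able to see folder names but not open files.
$broad = 'NT AUTHORITY\Authenticated Users', 'Everyone', 'BUILTIN\Users'

# "List folder contents" carries the same rights as Read & Execute; the
# difference is that it is inherited by subfolders only, never by files.
$listOnly = [int][System.Security.AccessControl.FileSystemRights]'ReadAndExecute, Synchronize'
$objectInherit = [int][System.Security.AccessControl.InheritanceFlags]::ObjectInherit

function Get-BroadAceFinding {
    param([string]$Path)
    foreach ($ace in (Get-Acl -Path $Path).Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        $id = $ace.IdentityReference.Value
        if (($broad -notcontains $id) -and ($id -notlike '*\Domain Users')) { continue }

        $reasons = @()
        # Any right outside list/traverse (write, delete, change permissions).
        # ACEs stored as generic rights also land here and need a manual look.
        if (([int]$ace.FileSystemRights -band (-bnot $listOnly)) -ne 0) {
            $reasons += 'more than list rights'
        }
        # An ACE that files inherit lets the principal open file contents.
        if (([int]$ace.InheritanceFlags -band $objectInherit) -ne 0) {
            $reasons += 'inherited by files'
        }
        if ($reasons.Count -eq 0) { continue }

        New-Object PSObject -Property @{
            Folder    = $Path
            Identity  = $id
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
            Reason    = $reasons -join '; '
        }
    }
}

# Check each department folder directly under the share root.
Get-ChildItem -Path $Root |
    Where-Object { $_.PSIsContainer } |
    ForEach-Object { Get-BroadAceFinding -Path $_.FullName } |
    Select-Object Folder, Identity, Rights, Inherited, Reason
```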