Re: Folder views for NTFS permissions

• Previous message: Dude Pigeon: "Registry Lockdown?"
• In reply to: Mark J. Smith: "Re: Folder views for NTFS permissions"
• Next in thread: Mark J. Smith: "Re: Folder views for NTFS permissions"
• Reply: Mark J. Smith: "Re: Folder views for NTFS permissions"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: dmiller@printcafe.com (Dave Miller)
Date: 10 Jan 2002 11:16:08 -0800

Mark,

Thanks for the thorough response here, however this isn't exactly what
we are looking for. In your recommendation, we would need to have a
seperate drive letter for the Users folder and then another drive
letter for Public info. This would work in this one instance, but
creates other problems when we want to do similar things to other
folders. In many cases we have numerous folders within a subfolder
that we do not want the users to be able to see. In other words, back
to the Users\Public example: Is there a way in NTFS to remove the
ability to see a folder? For example:
L drive has the following subfolders:
Marketing
   NWarea
   SWarea
   NEarea
   SEarea
Sales
   Largeco
   smallco
Management
   Susan
   Clairice
   Gerald
   Robert
Support

User1 only needs access to the Robert folder in Management and I don't
want him to see the Gerald, Clairice, or Susan folders. I also do not
want User1 to see the Marketing, Sales, or Support folders.
User1 (in Novell) would have a drive mapping to L, just like all the
other users and would only see:
Management
    Robert

Is there a way to do this in NTFS without mapping separate drives?

Thanks again for any insight.

-Dave

So do you know if it is possible to have a situation such as the one I
quoted below: An H drive with the Users folder and the Public folder
with vi

"Mark J. Smith" <mjsmith@dol.net> wrote in message news:<M5a%7.238$rU.54825@monger.newsread.com>...
> Considering some differences between Novell and Microsoft, you may want to
> change direction a little bit on this issue.
>
> Change the rights on the H:\Public folder itself to Administrative access
> only (I always include LocalMachine\Administrators, LocalMachine\System, and
> Domain\Domain Administrators with full control). Remove all other rights,
> but do not deny access... just leave all other groups out. This will have
> the effect of preventing them from viewing the directory and it's contents.
>
> On the subdirectory you want them to have access to, add the user name (or
> group) with Change access. Unless you have removed the "Bypass Traverse
> Checking" right, they will be able to read files from that directory if they
> can get to it... which requires the directory to be shared. Share the
> subdirectory with Change access to the same group.
>
> Set the user's home drive in their profile to \\Servername\Username. Do this
> by selecting the user name, opening the profile tab, and select Home Folder,
> Connect, Drive Letter, and the path. (You can set the default user to
> \\Servername\%Username% and it will fill it in for new users.)
>
> So, assuming on Server1 you have User1 and User2, the NTFS directory
> permissions would look like this:
> Public- Server1\Administrators, Server1\System, and Domain\Domain
> Administrators Full Control. (I would share this with the share permissions
> also set to Server1\Administrators, Server1\System, and Domain\Domain
> Administrators Full Control for maintenance work.)
> Public\User1- Server1\Administrators, Server1\System, and Domain\Domain
> Administrators Full Control, User1 Change, shared as \\Server1\User1.
> Public\User2- Server1\Administrators, Server1\System, and Domain\Domain
> Administrators Full Control, User2 Change, shared as \\Server1\User2.
>
> Assuming you still wanted to use H: for the drive letters, they would appear
> to the user as "User1 on 'Server1" (H:)", and only their directory would be
> visible.
>
> For NTFS information, the first place to start is simply under the built-in
> help files... Start, Help, select the Search tab, and type in "ntfs" for
> general information, and "ntfs permissions" for some more specific topics.
>
> Specific information on NTFS can also be found here:
> http://msdn.microsoft.com/library/default.asp?url=/library/en-us/fileio/fsys
> _538t.asp with specific information on access controls here:
> http://msdn.microsoft.com/library/default.asp?url=/library/en-us/security/Se
> curity/access_control.asp
>
> An adaptable process that could save you quite a bit of time can be found in
> the Microsoft Knowledge Base at support.microsoft.com. Search for this
> article:
> Batch Process to Create and Grant Access to Home Directories (Q155449)
> Some other useful articles that may be of assistance:
> Default NTFS Permissions in Windows NT (Q148437)
> Default NTFS Permissions in Windows 2000 (Q244600)
> Step by Step: Novell NetWare to Windows NT Migration (Q187789) (For NT 4,
> but has some applicable information.)
> How to Restore the Default NTFS Permissions for Windows 2000 (Q266118) (In
> case of problems during the learning curve.)
>
> In general, the Knowledge Base (Support.Microsoft.Com) and MSDN
> (MSDN.Microsoft.Com) are excellent references. If you are new to Microsoft
> servers, you should also take the time to look through the security
> information at WWW.Microsoft.Com\Security.
>
> I hope this helps. Good luck with the conversion.
>
>
>
>
> "Dave Miller" <dmiller@printcafe.com> wrote in message
> news:3f45178a.0112211337.6db0c5d8@posting.google.com...
> > We are setting up Windows 2000 AD for File and Print services. We are
> > moving from Novell's NDS.
> >
> > Does anyone know of a way to block the ability to view folders that
> > the user does not have permissions to? In other words, we have an
> > H:\Public directory with all the users folders in them. With Novell,
> > we had the ability to only display the users folder that the
> > particular user had rights to. With 2000 (NTFS) it seems that the
> > only option is for them to view all folders within the Public
> > directory. With Novell, if you gave a user rights to a directory that
> > was nested 6 folders deep, they automatically were given traversing
> > rights to find that directory and the path to get there. With NTFS,
> > it looks quite different. We have to give the user rights through
> > every folder to get to the one folder he needs access to. Any help
> > here would be appreciated. Hope you can understand this.
> >
> > -Dave
> >
> > P.S. Also - any info on the web that you are aware of that clarifies
> > NTFS permissions would be helpful (we've searched quite a bit and have
> > found scant info).

• Next message: Sloan, R: "Security Manual Tool Kit"
• Previous message: Dude Pigeon: "Registry Lockdown?"
• In reply to: Mark J. Smith: "Re: Folder views for NTFS permissions"
• Next in thread: Mark J. Smith: "Re: Folder views for NTFS permissions"
• Reply: Mark J. Smith: "Re: Folder views for NTFS permissions"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]