Re: File Server rights

I hope Steve does not mind if I attempt to clarify a little.
Particularly, some might find this initial statement perplexing
<quote>
a user can see the contents of a share even if they do
not have read access to the contents
</quote>
The way Windows NTFS works is that execute on a directory
(that is, List) is needed in order to navigate to (browse through
the filesystem) something within the directory.
But, Listing the content of a directory is what people often want
to avoid, especially when coming from Netware.
In order to access a listed file Read is needed on that file, and
in order to navigate to contents of a subdir List on it is needed.
There is no way to prevent this behavior for direct filesystem
access. However, W2k3 and later, if access is by means of
shares then ABE can be used to mask visibility of what is not
within grants of the user of the shares. To effectively use ABE
to accomplish this one may need to refactor how the storage
is structured in order to work with ABE's capabilities.

"SEgerton" <SEgerton@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:0A2ACD82-08D3-4520-8865-697098A9B8A6@xxxxxxxxxxxxxxxx
I have an issues. I'm new to Active Directory, coming from a Netware
background.

First, I have one file server that is connected to the new domain. I
haven't
ran the file server fole utility. Don't think i have to.

On the D drive of this server i have folder that represent each of my
departments. Under the departments, i have a users directory with
directorord
under that for each user. Im trying to give users rights to there own
directory, without allowing them to browse under the root users directory
and
seeing all the other users directories and info. When they browse through
the
network; i only want them to see the directory and or files that they have
rights to.

So far, this is what i have. The server is Server3. On the d drive i have
d:\\department\users\username. With in the properties of the users
directory
i have give the user full rights to their own directory. I have shared out
the department directory to a group that all the users in that department
belong to. I left the default security rights for now. They are
DomainUsers/
Read & Execute, List Folder Contents, Read, and Special Permission. When i
log into the users workstation, they currently can browse
//server3/department/users/ and see all the other users directories and
files. How Do i have create rights so that users only see their own info.

Thanks for your help in advance



.

Relevant Pages

  • Re: SCW question.
    ... Created a new Server and installed IIS. ... and saw that the default rights for IUSR and IWAM users are there. ... Server to the domain without and GPO's applied...Local Security policy ... rights (which coincides with my Member server GPO settings). ...
    (microsoft.public.windows.server.security)
  • Re: SBS 2003 folder redirection, offline files, ..and more
    ... you log into a shared PC with admin rights and go to Windows Explorer Folder ... documents are redirected to the server. ... without redirection, they wouldn't have been. ...
    (microsoft.public.windows.server.sbs)
  • Re: file rights issue...
    ... Domain Admin has rights to everything so not being able to access the ... The Terminal Server is an entirely different ... of BV we are running uses an SQL DB engine called Pervasive SQL to ... the accounting data on the Windows 2000 server through the pervasive ...
    (microsoft.public.backoffice.smallbiz2000)
  • Re: sbs2003 to (new)server2003 user issue
    ... Meinolf Weber ... This posting is provided "AS IS" with no warranties, and confers no rights. ... sbs server dead sunday night. ... Even if the account in the domain and the local account on the ...
    (microsoft.public.windows.server.active_directory)
  • Re: Using COM OutProc server on WinCE
    ... Microsoft Corporation ... This posting is provided "AS IS" with no warranties, and confers no rights. ... inproc server should be OK on WM5.0 ... nk.exe (kernel process) and you can't popup UI from nk.exe in CE 6.0. ...
    (microsoft.public.windowsce.app.development)