Re: Traverse Folder

From: Roger Abell (mvpNOSpam_at_asu.edu)
Date: 05/16/05

  • Next message: Peter Greenway: "Problems With Certificate Server Not Starting After Restore" 
    Date: Mon, 16 May 2005 07:52:18 -0700

    Traverse a folder does not mean List the content of the folder's
    directory (as you have noticed). Hence, a user cannot "browse"
    to the lower level folder starting at the top if they cannot list
    the content of the upper levels - where "browse" means GUI
    navigation with Explorer.

    Bypass traverse checking only removes the need to have a
    grant of traverse folder on all parent folders. When a user
    with permissions at Level4 attempts a direct access to that
    allowed folder this should be working with only the grant at
    Level4. Try entering the full direct path in Explorer or by
    using the cmd prompt to cd to that folder. The traverse grant
    or check bypass comes into play because in order for the
    system to even locate the lower level directory it needs to
    use those of its parents, and it does do this in the context of
    the executing account. Without either the Bypass traverse
    right, or explicit grants of traverse this fails. Change the
    permissions and try it again with full direct path in Explorer
    or using the cmd prompt. 

    -- 
Roger Abell
Microsoft MVP (Windows  Security)
MCSE (W2k3,W2k,Nt4)  MCDBA
"JDC" <JDC@discussions.microsoft.com> wrote in message
news:AB907E86-1465-4A29-8585-C1A444995BDF@microsoft.com...
> In the example (using Win2003 server, XP client):
> C:\level1\level2\level3\level4  UserA has Full Control in C:\...\level4
but
> no access above level4.  All the verbage I've read states that traverse
> folder will allow UserA to get to level4, "even if the user has no
> permissions for the traveresed folders" but how?  I've given UserA TF
> permisions only on the upper folders, but access is denied.  I've done all
> the combinations of "Bypass Traverse Checking" to include removing the
> "Everyone" group.  The only way I can get UserA to level4 is to grant
"List
> Folder" to all the upper levels.  How does this "Traverse Folder" thing
work.
>  Thanks...
  • Next message: Peter Greenway: "Problems With Certificate Server Not Starting After Restore"

    Relevant Pages

    • RE: Error 52 Bad file or file number
      ... >I have some code that will traverse through a folder/file structure and then create a similar representation of the structure as HTML. ... then traverse the tree and write to the file every time I encounter a folder or file. ... Sometimes it fails after only a few lines have been written to the output file; other times after dozens of lines; other times it does not fail at all. ...
      (microsoft.public.vb.general.discussion)
    • Re: Count of messages in a pst
      ... > Is there code examples on how to traverse the IMAPITable hierarchy? ... >> faster than opening each folder and getting a table on it. ... >>> If i'm loading a PST outlook data file and i want to know how many ...
      (microsoft.public.win32.programmer.messaging)
    • Sharing & NTFS Permissions
      ... If there is anyone out there who is proficient with Windows shares and NTFS ... This is regarding the Traverse ... Folder permission. ... Everyone group the Traverse Folder permission at C:\Test. ...
      (microsoft.public.win2000.security)
    • Sharing & NTFS Permissions
      ... If there is anyone out there who is proficient with Windows shares and NTFS ... This is regarding the Traverse ... Folder permission. ... Everyone group the Traverse Folder permission at C:\Test. ...
      (microsoft.public.security)
    • Re: Is it possible to find out if a MAPIFolder is in the olDefaultFolders constant list?
      ... At the Outlook object model level comparing the folder paths is probably the easiest way to go. ... At a lower level you can get the EntryID's of the default folders directly or from properties on the Store and Inbox objects and use a method to compare the EntryId's. ...
      (microsoft.public.outlook.program_vba)