Re: Cannot disable folder listing...

From: Roger Abell [MVP] (mvpNOSPAM@asu.edu)
Date: 02/08/03 

From: "Roger Abell [MVP]" <mvpNOSPAM@asu.edu>
Date: Sat, 8 Feb 2003 00:10:47 -0700

If you use AD and your users find things via
searches in AD then this visibility of even the
existance can be masked out. 

-- 
Roger Abell
MS MVP (Security, Windows), MCDBA,  MCSE both
Associate Expert - Windows XP ExpertZone
http://www.microsoft.com/windowsxp/expertzone
"Michael" <m.abramovich@nhc.com> wrote in message news:06b401c2cd44$51a715d0$8af82ecf@TK2MSFTNGXA03...
> Thank you Rodger.
> It's funny from security perspective. It's like 95 
> sharing...
> On Netware since earliest versions was possible to hide 
> what not supposed to be shown.
> Michael.
> 
> 
> 
> 
> >-----Original Message-----
> >Sorry, I did not mean to confuse things with that DFS 
> >mention, and then I typo'd it (should have been) :
> >
> >but  _with_out_  having DFS available that is about 
> >all you can do
> >
> >With DFS you can give a logical name to a link to 
> >a share, and the ability to follow the link to the share 
> >will depend on that account's permissions on the target 
> >share.  However, even here the other users will see that 
> >there is something there.
> >
> >You can of course use hidden shares (just name the share 
> >with a $ at the end) and these will not show up in the 
> MS 
> >provided user interfaces for any account (other tools 
> will 
> >disclose their existance and list them).
> >-- 
> >Roger 
> >
> >"Roger Abell [MVP]" <mvpNOSPAM@asu.edu> wrote in message 
> news:#m$hskSzCHA.1132@TK2MSFTNGP10...
> >AFAIK what you want cannot be done.
> >You can burry things one layer deeper, with some 
> >generic User1, User2, etc at the visible layer, but 
> >with having DFS available that is about all you 
> >can do, and even with DFS the ability to list on 
> >the containing parent is needed.
> >
> >-- 
> >Roger 
> >
> >"Michael." <m.abramovich@nhc.com> wrote in message 
> news:02fc01c2cd13$89dd0030$89f82ecf@TK2MSFTNGXA01...
> >> Hello Roger,
> >> thank you very much for the answer.
> >> Read please below.
> >> I will appreciate further troubleshooting.
> >> 
> >> >-----Original Message-----
> >> >Hi Michael,
> >> >
> >> >I am trying to follow you, and from what you have 
> >> >said it seems that you do have Pro version and you 
> >> >have disabled Simplified sharing already.  
> >> 
> >> YES.
> >> 
> >> If so, 
> >> >then you should be able to do what you are after 
> >> >in the way you have tried, if what you mean by 
> >> 
> >> >> When user2,3,4,5 logs in he can see folder one.
> >> >is that they cannot see into the folder rather than 
> >> >see the folder (that it exists).
> >> 
> >> When user2,3,4,5 double click on computer icon (when 
> >> browsing the network). He can see (list) all 5 folders
> >> Sure he can't open folder1.
> >> I want to restrict even listing...
> >>  
> >> >Keep in mind that 
> >> >share and ntfs permissions setting apply when 
> >> >   access is over the network
> >> >only ntfs permissions apply when logged in locally
> >> >
> >> >For folder "user1", granting only account user1 in 
> >> >the sharing tab's permissions button, and also in the 
> >> >directory's security tab for ntfs should do what you 
> >> >want for both network and local logins, unless you 
> >> >want user2,3,4,5 to not even see that the folder 
> exists.
> >> 
> >> I want user2 to not even see that the folder1,3,4,5 
> exists.
> >> User1 to not see that folder2,3,4,5 exists etc.
> >> 
> >> Probably something is missed...
> >> On Netware it so easy.
> >> 
> >> I disable share even for administrator and system.
> >> What else?
> >> 
> >> >
> >> >-- 
> >> >Roger Abell
> >> >MS MVP (Security, Windows), MCDBA,  MCSE both
> >> >Associate Expert - Windows XP ExpertZone
> >> >http://www.microsoft.com/windowsxp/expertzone
> >> >
> >> >"Michael" <m.abramovich@nhc.com> wrote in message 
> >> news:09c901c2cc9b$93400a00$8df82ecf@TK2MSFTNGXA02...
> >> >> Hi,
> >> >> I have sharing question on XP.
> >> >> 
> >> >> I created 5 users. On \D I have 5 folders.
> >> >> I want to share folders on LAN in a way where User1 
> can
> >> >> access Folder1, User2 can access Folder2 etc.
> >> >> 
> >> >> I need that when user logs in he/she could see just 
> the 
> >> >> folder shared for this user.
> >> >> 
> >> >> What I did:
> >> >> I removed all group membership.
> >> >> Folders are shared:
> >> >> user1 - folder1 
> >> >> user2 - folder2
> >> >> etc.
> >> >> Under Sharing tab:
> >> >> Share this folder
> >> >> 
> >> >> Permission (button):
> >> >> Group or user name: user1 (full control). No other 
> >> groups 
> >> >> or users.
> >> >> 
> >> >> Under security tab:
> >> >> user1 Full control. No other groups or users.
> >> >> 
> >> >> When user2,3,4,5 logs in he can see folder one.
> >> >> What is the mistery. I want to restrict listing for 
> >> user 
> >> >> that doesn't have rights to folder.
> >> >> 
> >> >> How I can disable listing for unappropriated user.
> >> >> Thanks.
> >> >> Michael.
> >> >> 
> >> >> 
> >> >.
> >> >
> >.
> >