RE: [ActiveDir] Hide Subfolders with NTFS Permissions

[Grillenmeier, Guido]

it certainly is practical and has been done this way for many years with Novell...   you're just slightly ahead of the game wanting to do this with NTFS - this is currently not possible, but will be with Windows Server 2003, SP1.  The feature is called Access Based Enumeration and will allow you to configure security on your folders as you've desribed.  If enabled, the server will only list those folders to which a user has at least read-permissions.   This is what Novell folks migrating to NTFS have been waiting on for years...  It's still not as powerful as the Novell file-permissions model, as you'll have to grant the correct permissions right down to the folder that you want your users to work with, but it's already a big achievement and very much asked for with my customers.   If you want to implement such a "view" today or with Win2000 Fileservers, you could still achieve it using multiple DFS roots (hosted on a 2003 server) - but it's quite a bit of extra work... - believe me...   /Guido From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Noah Eiger Sent: Monday, January 24, 2005 5:00 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Hide Subfolders with NTFS Permissions Hello all:   Management has requested a NTFS permissions structure that “hides” certain subfolders. Here’s what I want to do:   Folder  ->  NTFS Permission by Group \Management (share)    -> Managers     \ Legal -> (inherited)     \ HR -> (inherited)     \ Sales -> Managers and Sales     \ Finance -> Managers and Bookkeepers   For people in the Managers group, \Management maps as M: and they see and have access to all subfolders. For Sales folks, \Management maps as M: but they only see and have access to \management\sales For Bookkeepers, \Management maps as M: but they only see and have access to \management\Finance   Is this possible? Or practical? Does this violate some “best practices”?   Thanks.   -- nme