Specifically, the folders when viewed via a share can be hidden with 2K3 SP1. When viewed directly from the file system (if logged on locally, for example), the folders will still be visible. Baby steps. ;>
> -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > Grillenmeier, Guido > Sent: Monday, January 24, 2005 10:24 > To: [email protected] > Subject: RE: [ActiveDir] Hide Subfolders with NTFS Permissions > > it certainly is practical and has been done this way for many > years with Novell... > > you're just slightly ahead of the game wanting to do this > with NTFS - this is currently not possible, but will be with > Windows Server 2003, SP1. The feature is called Access Based > Enumeration and will allow you to configure security on your > folders as you've desribed. If enabled, the server will only > list those folders to which a user has at least read-permissions. > > This is what Novell folks migrating to NTFS have been waiting > on for years... It's still not as powerful as the Novell > file-permissions model, as you'll have to grant the correct > permissions right down to the folder that you want your users > to work with, but it's already a big achievement and very > much asked for with my customers. > > If you want to implement such a "view" today or with Win2000 > Fileservers, you could still achieve it using multiple DFS > roots (hosted on a 2003 server) - but it's quite a bit of > extra work... - believe me... > > /Guido > > ________________________________ > > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Noah Eiger > Sent: Monday, January 24, 2005 5:00 PM > To: [email protected] > Subject: [ActiveDir] Hide Subfolders with NTFS Permissions > > > Hello all: > > Management has requested a NTFS permissions structure that > "hides" certain subfolders. Here's what I want to do: > > Folder -> NTFS Permission by Group > \Management (share) -> Managers > \ Legal -> (inherited) > \ HR -> (inherited) > \ Sales -> Managers and Sales > \ Finance -> Managers and Bookkeepers > > For people in the Managers group, \Management maps as M: and > they see and have access to all subfolders. > For Sales folks, \Management maps as M: but they only see and > have access to \management\sales For Bookkeepers, \Management > maps as M: but they only see and have access to \management\Finance > > Is this possible? Or practical? Does this violate some "best > practices"? > > Thanks. > > -- nme > List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
