Read up on DAC in WS2012, makes ABE look like child's play. http://blogs.technet.com/b/windowsserver/archive/2012/05/22/introduction-to-windows-server-2012-dynamic-access-control.aspx
From: David Lum [mailto:[email protected]] Sent: Thursday, July 12, 2012 7:40 AM To: NT System Admin Issues Subject: RE: File/Folder Permission ABE rocks. I remember adding it to 2003 servers when the add-in came out. From: Andrew S. Baker [mailto:[email protected]]<mailto:[mailto:[email protected]]> Sent: Thursday, July 12, 2012 7:31 AM To: NT System Admin Issues Subject: Re: File/Folder Permission A. Create a new share, such that \\ipaddress\E<file:///\\ipaddress\E> = \\ipaddress\A\B\C\D<file:///\\ipaddress\A\B\C\D> OR B. Use Access-based Enumeration http://blogs.technet.com/b/hugofe/archive/2010/06/21/windows-2008-access-based-enumeration-abe.aspx?Redirected=true ASB http://XeeMe.com/AndrewBaker Harnessing the Advantages of Technology for the SMB market... On Thu, Jul 12, 2012 at 10:07 AM, Haritwal, Dhiraj <[email protected]<mailto:[email protected]>> wrote: Then user will be able to see all folder/files. Is there any other option to allow only child folder access (D) without giving root folder access. Dhiraj From: Andrew S. Baker [mailto:[email protected]<mailto:[email protected]>] Sent: Thursday, July 12, 2012 18:34 To: NT System Admin Issues Subject: Re: File/Folder Permission Path \\ipaddress\a\b\c\d<file:///\\ipaddress\a\b\c\d> makes it look like \\ipaddress\A<file:///\\ipaddress\A> is a sharename. If so, you need permissions A and D If it were a local folder, everything else that has been said already would come into play. ASB http://XeeMe.com/AndrewBaker Harnessing the Advantages of Technology for the SMB market... On Thu, Jul 12, 2012 at 8:54 AM, Haritwal, Dhiraj <[email protected]<mailto:[email protected]>> wrote: Ben, I have given Security permissions only on D folder & tried to access path \\IPAddress\A\B\C\D<file:///\\IPAddress\A\B\C\D> from client side, but showing error "you don't have access rights to access that folder etc". Dhiraj -----Original Message----- From: Ben Scott [mailto:[email protected]<mailto:[email protected]>] Sent: Thursday, July 12, 2012 18:13 To: NT System Admin Issues Subject: Re: File/Folder Permission On Thu, Jul 12, 2012 at 8:05 AM, Haritwal, Dhiraj <[email protected]<mailto:[email protected]>> wrote: > But Ben There are multiple folders inside the root folder. Ex root > folder is A --> B --> C -->D > > Now the shared folder is "A" which is root folder & I want to give > access of folder "D" to a user who doesn't have root folder access "A". > is it possible. Will he able to access that child folder. By default, the user will be able to access D, even if the user cannot read A, B, or C. (There is a feature, "Bypass traverse checking", which allows this. It is enabled by default.) However, the user may not be able to *find* D if they can't read the parent folders. They would need to enter/type/know the path to D explicitly, rather than drilling down through folders. Shortcuts and hyperlinks can help here. If you want users to be able to navigate to D by clicking through parent folders, you'll need to give the users read permission to the parents folders. You don't need to grant them anything other than read/list on those folders, though. You can choose to apply the permission to "This folder only", for example. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
