Does ABE work on shares or just the folders under the share? -----Original Message----- From: Ziots, Edward [mailto:[email protected]] Sent: Tuesday, August 10, 2010 7:34 AM To: NT System Admin Issues Subject: RE: File server structure and perms
Have you had experience is Access Based Enumeration? You can setup one master share, and unless you have NTFS permissions of read to the directory underneath, the user doesn't even see the directory, which means they wouldn't be able to read/write from it, and should solve the problem. I do agree that it's a little more labor intensive, but you could setup the structure, use Icacls.exe to backup the ACL's once in place ( or script it out) and if anything goes wrong, reply the ICACLS script to set the permissions accordingly. I have done this on Windows 2003 R2, and looking to make it the defacto standard on Windows 2008 R2 ( As soon as I plow through Miansi's most excellent 2008 R2 book, if you don't have a copy, I would suggest you get it) Z Edward E. Ziots CISSP, Network +, Security + Network Engineer Lifespan Organization Email:[email protected] Cell:401-639-3505 -----Original Message----- From: Charlie Kaiser [mailto:[email protected]] Sent: Monday, August 09, 2010 10:47 PM To: NT System Admin Issues Subject: File server structure and perms I've been tasked with setting up a file server structure for a client. SBS 2008. We normally set up Home, Shared, and Public. Client wants a completely different paradigm. They want a master folder for each of their clients, with subfolders below that which have varying permissions. So for example: Client master folder ->test results ->notes ->estimates ->contracts Each of the subfolders would have different perms; techs writing data to test results would not have access to estimates, for example. They also wish to have a template setup so that each time they add a client, they can put this structure in place and have the appropriate permissions in effect. I don't see a simple way to do this. It looks to be highly IT-intensive, which is not what we nor the client would like. It almost sounds more like a sharepoint thing, although I have little first-hand knowledge of sharepoint deployments. Any suggestions? Thanks! *********************** Charlie Kaiser [email protected] Kingman, AZ *********************** ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
