Hiding subfolders from users with Windows Server security

Posted by Frans on Server Fault See other posts from Server Fault or by Frans
Published on 2009-10-01T14:26:20Z Indexed on 2012/03/28 17:33 UTC
Read the original article Hit count: 256

Filed under:
|
|

Using Windows Server 2008.

I would like to allow all users to map to a common network drive and be able to browse it. But, I only want them to be able to see the subfolders they actually have access rights to.
Is this doable?

Example
I have a share with two folders on it;
\\domain\share\FolderA
\\domain\share\FolderB

With three different security groups, I would like to map a network drive for all three to \\domain\share. However, for group1, I want them to only be able to see FolderA, group2 should only see FolderB and group3 should see both.
I am not just talking about denying access to the actual folder, which is easy enough, I don't want the user to even be able to see that the folder exists.

In other words, when group 1 logs in and do "dir n:\" they should see
N:\FolderA

When group 2 logs in, they should see
N:\FolderB

and when group 3 logs in they should see
N:\Folder A
N:\Folder B

My half-baked solution
If I completely block access to the root then I can't map a drive to it. I can give everyone the traverse right which then allows the user to map a drive. However, if a member of group1 or group2 tries to go to "N:\" they get an access denied error. If they go to N:\FolderA (for group1) then it works.

So, that sort of works, but it would be nicer if the user could actually browse to N:\ and just only see the subfolders they have access to.

I am pretty sure I have seen this done but not sure how to do it myself. Any advice would be greatly appreciated.

© Server Fault or respective owner

Related posts about windows-server-2008

Related posts about security