How to setup NTFS ACL with Acces Based Enumeration

Posted by Patrick Pellegrino on Server Fault See other posts from Server Fault or by Patrick Pellegrino
Published on 2012-11-20T22:04:35Z Indexed on 2012/11/20 23:03 UTC
Read the original article Hit count: 87

We're in the process of migrating from Novell Netware to Windows 2K8 R2 infrastructure (AD, File server, print server... etc)

My question is about ACL. While Netware and Windows are totally different, I want to be sure my thnking is good before screwing everything up!

There's a scenario :

+-- DATA <= Shared as DATA with Access based enumeration
     +-- Folder 1
     +-- Team 1's Folder
     +-- Team 2's Folder

In that case, by default, rights are herited from the F: to the deepest folders.

What we want :

  • Administrators group have full control top - down.
  • From DATA, ABE list only folders that users have access. (ex. : I'm in group Team 2, I see Team 2's Folder).

From what I understand, at DATA I remove all NTFS ACL to be herited (ex. Users Group), be sure to keep Administrators Group and SYSTEM user.

After that, grant Full control (or any right needed) on each folder to Groups or Users that have to have access.

Does I'm wrong ? Anything I should take care of ?

Any help to my understanding will be very appreciated.


© Server Fault or respective owner

Related posts about windows-server-2008-r2

Related posts about ntfs