Discussion:
Windows 2003 File Server Access
(too old to reply)
b***@gmail.com
2006-04-01 00:21:43 UTC
Permalink
I have spent the last 6 years managing a Netware 5 network that we will
soon be migrating to a Windows AD. We currently have a file structure
that starts general and progressive gets more specific so there is a
data volume, under that one folder is called labs, under that a
specific lab name, and so on. Under Netware, if I give access to a
folder under one of the lab names to a user, that person can browse
starting at the volume all the way down to the specific folder. If
that is the only folder they have rights to, they will only see the
parent folders to the one they have rights to as they browse, this
works very well for us. Now I want to set up the same structure on a
windows 2003 server, but it doesn't work the same way. If I give
someone rights to a sub-folder, that is all they can see and they
either need to know the UNC path or have a drive letter mapped directly
to. Is there something I am missing or is this something I have to
deal with?

Brian
Doug Sherman [MVP]
2006-04-01 01:52:16 UTC
Permalink
Not sure I followed this. But if the subfolder is not shared, then the user
will not 'see' it unless he connects to the parent share. Normally, the user
should see all the subfolders when connected to a share:

http://support.microsoft.com/kb/323386/en-us

You can change this behavior with access based enumeration:

http://www.microsoft.com/downloads/details.aspx?FamilyID=04a563d9-78d9-4342-
a485-b030ac442084&DisplayLang=en

Doug Sherman
MCSE, MCSA, MCP+I, MVP
Post by b***@gmail.com
I have spent the last 6 years managing a Netware 5 network that we will
soon be migrating to a Windows AD. We currently have a file structure
that starts general and progressive gets more specific so there is a
data volume, under that one folder is called labs, under that a
specific lab name, and so on. Under Netware, if I give access to a
folder under one of the lab names to a user, that person can browse
starting at the volume all the way down to the specific folder. If
that is the only folder they have rights to, they will only see the
parent folders to the one they have rights to as they browse, this
works very well for us. Now I want to set up the same structure on a
windows 2003 server, but it doesn't work the same way. If I give
someone rights to a sub-folder, that is all they can see and they
either need to know the UNC path or have a drive letter mapped directly
to. Is there something I am missing or is this something I have to
deal with?
Brian
b***@gmail.com
2006-04-03 16:46:12 UTC
Permalink
Thanks for your post. I couldn't get to the second link even when I
combined both lines. I know how to connect to a Windows share but what
I'm not sure about is how to set up the permissions to accomplish in
Windows, the same look I have in Netware. From what I can tell, in
order for someone to see a complete path from the shared "parent
folder" to the folder I actually want them to have full rights to, a
few levels down, I will have to give them read rights to every folder
in between and make sure inherited rights is turn off, which sounds
like a lot of work. It seems like a possible security risk though, to
let Everyone have read rights from the top level down, which would let
them view every folder as well as see files they can't. Even if they
can't open the file, they would still be able to read the name.

Please let me know if I am still not being clear.

Thanks,
Brian
Doug Sherman [MVP]
2006-04-06 15:38:46 UTC
Permalink
OK - try this one:

http://support.microsoft.com/kb/303758/en-us

Doug Sherman
MCSE, MCSA, MCP+I, MVP
Post by b***@gmail.com
Thanks for your post. I couldn't get to the second link even when I
combined both lines. I know how to connect to a Windows share but what
I'm not sure about is how to set up the permissions to accomplish in
Windows, the same look I have in Netware. From what I can tell, in
order for someone to see a complete path from the shared "parent
folder" to the folder I actually want them to have full rights to, a
few levels down, I will have to give them read rights to every folder
in between and make sure inherited rights is turn off, which sounds
like a lot of work. It seems like a possible security risk though, to
let Everyone have read rights from the top level down, which would let
them view every folder as well as see files they can't. Even if they
can't open the file, they would still be able to read the name.
Please let me know if I am still not being clear.
Thanks,
Brian
Paul
2006-07-06 21:34:01 UTC
Permalink
Doug,

I found your post here and it looks like what I am desparate for but I am
running Windows Storage Server 2003 and the download will not install. It
would seem to be far more important to run on WSS especially since it is only
used for file sharing whereas regular Windows Server can be used for tons of
other services and might have nothing at all to do with file sharing. Hmm...
Do you know if a release is or will be available for WSS?

Thanks!

Paul
Post by Doug Sherman [MVP]
http://support.microsoft.com/kb/303758/en-us
Doug Sherman
MCSE, MCSA, MCP+I, MVP
Post by b***@gmail.com
Thanks for your post. I couldn't get to the second link even when I
combined both lines. I know how to connect to a Windows share but what
I'm not sure about is how to set up the permissions to accomplish in
Windows, the same look I have in Netware. From what I can tell, in
order for someone to see a complete path from the shared "parent
folder" to the folder I actually want them to have full rights to, a
few levels down, I will have to give them read rights to every folder
in between and make sure inherited rights is turn off, which sounds
like a lot of work. It seems like a possible security risk though, to
let Everyone have read rights from the top level down, which would let
them view every folder as well as see files they can't. Even if they
can't open the file, they would still be able to read the name.
Please let me know if I am still not being clear.
Thanks,
Brian
Bryce Alan Katz
2006-04-07 16:28:48 UTC
Permalink
Post by b***@gmail.com
Thanks for your post. I couldn't get to the second link even when I
combined both lines. I know how to connect to a Windows share but what
I'm not sure about is how to set up the permissions to accomplish in
Windows, the same look I have in Netware. From what I can tell, in
order for someone to see a complete path from the shared "parent
folder" to the folder I actually want them to have full rights to, a
few levels down, I will have to give them read rights to every folder
in between and make sure inherited rights is turn off, which sounds
like a lot of work. It seems like a possible security risk though, to
let Everyone have read rights from the top level down, which would let
them view every folder as well as see files they can't. Even if they
can't open the file, they would still be able to read the name.
Please let me know if I am still not being clear.
Thanks,
Brian
Direct link to Access Based Enumeration whitepaper:

http://www.microsoft.com/windowsserver2003/techinfo/overview/abe.mspx

I've not taken the time to read it. However, what you're describing has
been an issue with Novel to Windows migrations for years. Historically
I've dealt with it by reconfiguring the shared folder structure and
connecting drive letters as necessary using various tools.
b***@gmail.com
2006-04-14 20:23:56 UTC
Permalink
Thanks guys. I'll install ABE and see what happens.
b***@gmail.com
2006-04-18 16:31:23 UTC
Permalink
Well, I got ABE installed. It does bring it closer to looking like a
Netware share but I see there are still some things that Microsoft
needs to work on. Thanks for your help, I think this will make the
transition go smoother.

Brian
Post by b***@gmail.com
Thanks guys. I'll install ABE and see what happens.
Continue reading on narkive:
Loading...