Results 1 to 14 of 14
  1. #1
    Silver Lounger
    Join Date
    Dec 2000
    Location
    California, USA
    Posts
    1,758
    Thanks
    0
    Thanked 0 Times in 0 Posts

    What you see is....

    Is there a way to restrict what a user sees by changing or modifing rights of the user. As an example a directory named "People" has four sub-directories (John, Legare, Andrew and Eileen). When John uses the windows explorer to see what is under "People" he should only the sub-directory named John not all four.

    Thanks,

  2. #2
    2 Star Lounger
    Join Date
    Dec 2000
    Location
    Texas
    Posts
    149
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: What you see is....

    If your files are NTFS, you can hang permissions on folders, by user, with 3 privileges. Maybe files too, I'll have to check. You talking about domain, or non-domain?

  3. #3
    Silver Lounger
    Join Date
    Dec 2000
    Location
    California, USA
    Posts
    1,758
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: What you see is....

    It is on a domain.

  4. #4
    2 Star Lounger
    Join Date
    Dec 2000
    Location
    Texas
    Posts
    149
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: What you see is....

    I have only worked with non-domain peer-peer. But I would guess that permissions are handled in a similar fashion. <img src=/S/scratch.gif border=0 alt=scratch width=25 height=29>

  5. #5
    Plutonium Lounger Leif's Avatar
    Join Date
    Dec 2000
    Location
    U.K.
    Posts
    14,010
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: What you see is....

    I don't believe there is an easy way.
    There is a utility called <A target="_blank" HREF=http://www.winability.com/folderguard/>FolderGuard</A> - but it ain't free.

    From the blurb on their site:
    [b]Folder Guard

  6. #6
    2 Star Lounger
    Join Date
    Dec 2000
    Location
    Texas
    Posts
    149
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: What you see is....

    Leif - do the security rules governing local user access to local files depend on the PC network configuration being domain vs non-domain?

    What jstevens is asking for works quite well in my W2k workgroup. We turn off the 'allow inherited priveleges' switches and kill the 'everyone' users, and give specific access to the sub-folders to the 'loader' and the 'user'.

  7. #7
    Plutonium Lounger Leif's Avatar
    Join Date
    Dec 2000
    Location
    U.K.
    Posts
    14,010
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: What you see is....

    I don't think so.
    The difficult thing - in my view anyway - is hiding the other shares, not just restricting access.
    Hiding is not something I've ever needed to do, so can't really speak from experience .....

    So - quickly looking up my 'Mastering W2K Server Book', there is a solution:

    To create a hidden share, simply add a dollar sign at the end of the name, so the shares will be called John$, Legare$, Andrew$ and Eileen$. As these are hidden from everyone, you need to know the name of the folder. The only way to connect to them is to either manually type in the full path, or map a network drive to it:
    ServerJohn$

    Bear in mind if the idea is to prevent any possible access by A.N.Other, if John suspects Legare might have a hidden share, his obvious first trick would be to try and map to ServerLegare$.....

  8. #8
    2 Star Lounger
    Join Date
    Dec 2000
    Location
    Texas
    Posts
    149
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: What you see is....

    OK - So there is a distinction between making a folder$ invisible, and making it visible but denying access. We do the latter.

    Thanks Leif - <img src=/S/compute.gif border=0 alt=compute width=40 height=20>

  9. #9
    2 Star Lounger
    Join Date
    Dec 2000
    Location
    Texas
    Posts
    149
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: What you see is....

    Are you interested in sub-folder 'invisibility', or 'see others' sub-folders but deny access'? <img src=/S/scratch.gif border=0 alt=scratch width=25 height=29>

  10. #10
    Silver Lounger
    Join Date
    Dec 2000
    Location
    California, USA
    Posts
    1,758
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: What you see is....

    Sub-folder invisibility by others who do not have rights to those sub-folders or files.

  11. #11
    Plutonium Lounger Leif's Avatar
    Join Date
    Dec 2000
    Location
    U.K.
    Posts
    14,010
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: What you see is....

    Just as a matter of interest, may I ask why?

  12. #12
    Silver Lounger
    Join Date
    Dec 2000
    Location
    California, USA
    Posts
    1,758
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: What you see is....

    XL files are posted to a folder relative to the end-users department. If the end-user has only one department, why should he view all departments in the laundry list.

  13. #13
    Plutonium Lounger Leif's Avatar
    Join Date
    Dec 2000
    Location
    U.K.
    Posts
    14,010
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: What you see is....

    So it is more a cosmetic issue than a security one?
    Can you not just make the shares one more level down, so Andrew is mapped to 'Andrew', and not 'People'?

  14. #14
    5 Star Lounger
    Join Date
    Jan 2001
    Location
    Cairns, Queensland, Australia
    Posts
    885
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: What you see is....

    I know this of absolutely no use to your situation, but Novell's Netware does this automatically. If you have no rights, you don't ever see the directory. Makes admin a breeze, and no, I don't sell the product.

    I am dreading the next upgrade to our prime application as it requires a Windows network.
    Granville

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •