Magl1te 0 Posted June 30, 2003

Help please, I'm in need of a 2k guru, methinks. I'm putting a new 2k Srv box live and have come across a potential problem while moving data from our existing Novell server to the new folder structure. I have created user home folders, dept shares and a transit share location. The problem is that even though users don't have access rights to certain folders, they can still list them. I.e.

Code:
p:\share\dept\accounts
              directors
              hr
              managers
              r&d
              shopfloor
              technical
…
p:\share\users\joe.bloggs
               john.smith
               del.trotter
…
p:\share\temp\

The folder p:\share is shared and mapped to a single drive letter on the client PCs (they're simple folk who don't understand how to use more than one network drive). Using a combination of share permissions and NTFS permissions, I have the actual data within the folders locked down tight. The problem for me is that because the users have read/list rights @ the root of the share, they get to see the 1st / 2nd level directory structure even if they can't access the subfolders they're not entitled to. Under Novell this wasn't a problem, because if a user has no rights to a folder it simply doesn't appear in their folder list, which was great.

Currently, although a std user can't access the directors folder, the fact they know of it may tempt them into trying to gain access, although this shouldn't be a problem unless a directors / admin login is compromised. But you try explaining to a non-techie director / senior manager the fact that although a user can see it, it poses little or no security risk.

I have considered sharing each folder a user would need, then mapping each share to a drive letter on the client PCs, but this becomes very impractical when several mappings are required and when people are used to a single drive letter with all their accessible shares on it.

I did look at using DFS, then I looked at how DFS worked and giggled. I do hope there is something simple (or not so simple) I'm missing here. I am by no means a 2kSrv whiz kid, but I am very familiar around the OS and this has me stumped. Welcome any suggestions (except sticking with Novell).

Thanks

PS. Been a lurker here for a while, so big thanks to the many helpful posters.

AndyFair 0 Posted July 1, 2003

It would be easiest to create separate shares for each folder - if you append the share name with the dollar sign ($), this will mean that your users will not be able to browse to the folder through Network Neighbourhood/Network Places. You could use login scripts to map the drives...

Just a couple of thoughts

Rgds
AndyF

Magl1te 0 Posted July 1, 2003

Thanks Andy, it's something I've considered, but several users require lots of access, so it's not practical due to having lots of mappings. So far the best I've come up with is nesting the users under their own dept. folder. Not ideal, but it stops prying eyes further up the folder structure.

I'm still amazed that M$ can't provide a similar solution to our aging Novell 4 server. Maybe when DFS is developed further it will be the answer to my question, but not yet at least.