RE: Last question about file rights (I hope)

The only way to hide the folder from view is via a third party tool called
Cloak by scriptlogic. This product will hide all folders that users have no
rights to.
--
David Davis [MCSE, CCNA, Security +]



"Patrick Hunter" wrote:

> When I was learning how to setup file rights, someone suggested giving domain
> users rights at the top level to read/execute and list folder contents. This
> seemed a little fishy to me, but ok. Then my suspicions were confirmed when I
> found out that users were able to read other people's files even if they
> couldn't do anything else. I then scaled the rights back to just list
> directory contents. I would like to make it so that people can not even see
> the directory contents if they don't have any other rights to it, however, if
> I don't provide at least List Folder Contents, users that have access to a
> multi-user shared directory in addition to their own home directory cannot
> get to them without a specific drive mapping to that shared folder. Perhaps a
> diagram would make more sense:
>
> -TOP SHARE
> -->Dept1
> -->Dept2 - (I would like a map a drive here)
> ------->Dept2User1
> ------->Dept2User2
> ------->Dept2SharedFolder
>
> In this example, I would like to map a drive at the Dept2 level (to cut down
> on excessive and unnecessary drive mappings) and allow each Dept2User to see
> and access their own home dir. and the Dept2SharedFolder, but not allow the
> users to see the files in the other user's home directories. Not being able
> to even see the other user's home dirs. would be an added bonus, but I'll
> live with what I can get. I was reading about ABE availability in SP1 and
> this sounds like it could work, however, would having List Folder Contents
> available as a right prevent ABE from achieving my desired results? I think
> I'm close, but I could use some assistance in getting the rest of the way. TIA
>
> Patrick Hunter
.