Re: Share and NTFS permissions - the right mix?!

Richard Price <richardprice@xxxxxxxxx> wrote:
On May 17, 7:29 pm, "Lanwench [MVP - Exchange]"
<lanwe...@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote:

That depends on your environment, I guess. It may actually be less
disruptive in the long term to get them used to one massive change
than to keep changing things piecemeal. I don't know your user base.



It can be managed better than a full blown huge transition, as you can
later on map their user folders to their My Documents folder with
little issue - get them used to using that and then just remove the U:
mapping.

Baby steps.

Sure, that's one option. Again, I don't know your user base.

Yes, I can see that. I suppose they could use UNC paths . Or
depending on the size of your environment, you might consider not
giving every department the same drive letter/mapping for their own
folders -



Neither of those are very elegant and could be a pain ongoing - you
end up with the requirement for more than one logon script.

No, you can use a single login script. Even a simple batch file with
ifmember will do it - or there's VBS stuff galore.



Yes, and you could definitely implement that - but it's less elegant
in that users would see the folders of the other departments.



You can hide those in Win2k3 R2 using ABE - Access Based Enumeration.
Users only get to see what they have permissions to see.

Kewl. There's a lot of new stuff in R2 with which I'm still unfamiliar -
good to know.



(but I'm not yet putting all my money on Sharepoint as a good
document management system & file server replacement, myself)


Neither are we, yet - its an ongoing thing.



I definitely agree that security by obscurity is not a security
solution. It's part of one, though. Users having the (extremely
limited) access granted to the parent folder which they will with
this setup, honestly doesn't worry me overmuch. Have you actually
implemented this to see what your users would end up with?


Yes, the implementation I had led me to making the initial post in
this thread. I have since solved my initial problem, and have arrived
at a set of permissions which do precisely what I wished to
accomplish.

They would have to go very far out of their way to even find it, let
alone do anything with it,and they couldn't do much of
interest. Your mileage may vary, of course - that's just my view.


We have a few 'technical' users in our customer base, and I can
guarantee that they will poke.

;-)

As you're no doubt aware, NetWare and Windows are entirely different
animals. I've found that a lot of people migrating from Netware
sweat the small stuff more than I would - it's definitely true there
are some things Windows doesn't do as well, but does well enough. I
haven't used Novell stuff since 4x and don't really find I miss it
all that much.



Luckily I am not a Novell person, but its caused us so many problems
its insane - especially since we are still on Novell 5 (I think, might
not even be that), its a setup that definitely needs retiring.

I wish you the best of luck - and am glad you figured out the permissions
you needed to make this work as you wish.

Cheers
Richard



.

Relevant Pages

  • Mirroring Novell permissions on NTFS partition
    ... making the permission setup look like the Novell world. ... if a group is assigned permissions ... all previous folders, allowing them a clear path to the ... folder where they have explicit permissions. ...
    (microsoft.public.win2000.security)
  • Re: Share and NTFS permissions - the right mix?!
    ... I don't know your user base. ... the same drive letter/mapping for their own folders - ... I haven't used Novell ... its a setup that definitely needs retiring. ...
    (microsoft.public.windows.server.general)
  • Re: Mirroring Novell permissions on NTFS partition
    ... >would love to duplicate the Novell permissions on W2K that prevent users ... if a group is assigned permissions ... >> all previous folders, allowing them a clear path to the ... >> folder where they have explicit permissions. ...
    (microsoft.public.win2000.security)
  • Re: Mirroring Novell permissions on NTFS partition
    ... would love to duplicate the Novell permissions on W2K that prevent users ... if a group is assigned permissions ... > all previous folders, allowing them a clear path to the ... > folder where they have explicit permissions. ...
    (microsoft.public.win2000.security)
  • NDS vs NTFS File Scan (F) Capabilities
    ... Novell NetWare administrators can configure permissions so that users cannot ... see files or folders in the file system for which the users do not have Read ... Currently we are in progress of Migrating from Novell 6.0 to Server 2003. ...
    (microsoft.public.windows.server.general)