Let users to view and access only their files on Windows shared folder
Solution 1
First thing's first, configure your permissions properly. If you don't want everybody to have read/write access to everything, then don't. You may want to give everybody permissions to create directories at the root of the share and then give "CREATOR OWNER" full access.
After you've dialed in your permissions, turn on access based enumeration in order to prevent users from seeing folders they do not have rights to.
Solution 2
Its similar to setting up folder re-direction or the old roaming profiles. Only the user or admins should be able to access their own roaming folder so do this:
- Set Share Permissions for the Everyone group to Full Control.
- Use the following settings for NTFS Permissions:
- CREATOR OWNER - Full Control (Apply onto: Subfolders and Files Only)
- System - Full Control (Apply onto: This Folder, Subfolders, and Files)
- Domain Admins - Full Control (Apply onto: This Folder, Subfolders, and Files)
- Everyone -
- Create Folder/Append Data (Apply onto: This Folder Only)
- List Folder/Read Data (Apply onto: This Folder Only)
- Read Attributes (Apply onto: This Folder Only)
- Traverse Folder/Execute File (Apply onto: This Folder Only)
Where Everyone can be your security group and add your users to this group
Article reference: Create security-enhanced redirected folder - Windows Server | Microsoft Docs
Related videos on Youtube
Tomas
Updated on September 18, 2022Comments
-
Tomas almost 2 years
I have shared one folder on our Windows 2008 server with Everyone Read/Write access rights. I would like to prevent file sharing between users. For example if user No1 upload file to shared folder a user No2 will not see files which was uploaded by user No1 and will not have access.
-
joeqwerty almost 13 yearsThe problem as I see it is that the OP is dealing with a single folder to which everyone has read/write permission on and users are creating files in this single folder, so ABE isn't going to work. If the OP created a separate folder for each user then ABE would solve the problem.
-
Daniel B. almost 13 yearsI think that's what Jason meant. If everyone can create a directory, they can create their own directory, they would then have full access(Creator Owner) to the contents of what is now their personal subdirectory. Right?
-
joeqwerty almost 13 yearsThe OP seems to be implying a single folder where users are creating files and/or folders. As such, ABE won't work. The OP would need to create separate folders for each user, secure those folders to the appropriate user, and then enable ABE. Any folder or file created in the parent folder is going to be accessible by every user by virtue of the fact that they all have read/write permissions on the parent folder. The only way to enable ABE is to create a folder for each user, secured to that user.
-
Andrew Schulman about 3 yearsCan you provide a link to the article?
-
doggonewater672 about 3 years