Restrict access to a nested shared folder in Server 2008R2 file share


If you want to give access to a subfolder of a shared directory, you have two options.

  1. At a minimum, give traverse folder / execute file permissions to the root of the share and all parent folders of the subfolder you wish to grant access to.
    • If you wish, you can deny (or not grant) the list folder / read data permissions to other subfolders in the share.
      • We do this for our redirected user My Documents folders, so every user can access \\DFSroot\Users\, but can only see or access \\DFSroot\Users\[their username]\. The value of prohibiting people from even seeing the other folders is questionable, IMO, but it's not that much extra work either.
  2. Create a new share in the subfolder, grant the desired permissions and access it through that new share.

If you really want to deny traverse folder / execute file permissions higher up in the directory tree, you have to use option #2. I would argue that #2 is probably the better option in general, because it's more visible and therefore, more likely to get cleaned up after the fact than a group of ACLs that aren't displayed unless you go looking.
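Option 1 from the answer above, sketched with `icacls` from PowerShell as an added example (not part of the original answer). The share path, target folder and account name are placeholders, and the commented `net share` line at the end shows option 2 with a hypothetical share name.

```powershell
# Added example. All paths and the account name below are placeholders.
$ShareRoot = 'D:\Shares\Projects'                     # folder published as the share
$Target    = 'D:\Shares\Projects\Vendors\Acme\Specs'  # nested folder the contractor needs
$Account   = 'CONTOSO\contractor1'

# Returns the share root and every folder between it and the target,
# ordered from the root downwards. The target itself is not included.
function Get-ParentChain {
    param([string]$Root, [string]$Leaf)
    $rootPath = $Root.TrimEnd('\')
    $leafPath = $Leaf.TrimEnd('\')
    if (-not $leafPath.StartsWith($rootPath + '\', [StringComparison]::OrdinalIgnoreCase)) {
        throw "$Leaf is not below $Root"
    }
    $chain = @()
    $dir = Split-Path -Path $leafPath -Parent
    while ($dir.Length -ge $rootPath.Length) {
        $chain += $dir
        if ($dir.Length -eq $rootPath.Length) { break }
        $dir = Split-Path -Path $dir -Parent
    }
    [array]::Reverse($chain)
    return $chain
}

foreach ($dir in (Get-ParentChain -Root $ShareRoot -Leaf $Target)) {
    # (X) = traverse folder / execute file. No (OI)/(CI) flags, so the ACE
    # applies to this folder only and is not inherited by siblings or children.
    icacls $dir /grant "${Account}:(X)"
}

# Read access on the target folder, inherited by its files and subfolders.
icacls $Target /grant "${Account}:(OI)(CI)(RX)"

# Print the resulting ACLs so the grants can be reviewed and later removed.
foreach ($dir in (Get-ParentChain -Root $ShareRoot -Leaf $Target)) { icacls $dir }
icacls $Target

# Option 2 instead: publish the subfolder as its own share (share name is hypothetical).
# net share "AcmeSpecs=$Target" "/GRANT:$Account,READ"
```

To undo the grants when the contractor's work ends, run `icacls <folder> /remove:g <account>` on each folder printed by the review step.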

Author: user208160

Updated on September 18, 2022

Comments

  • user208160 over 1 year

    Server 2008 R2 VM as a member server set up as a file server.

    Situation: We have a contractor that needs read access to a nested folder in a shared directory in a domain environment. How do I go about allowing that user access to files in a share directory while removing traverse rights?

    • user208160 over 10 years
      Scratch that, traverse needs to be there. Thanks MDMarra