Restrict access to a nested shared folder in Server 2008R2 file share
7,241
If you want to give access to a subfolder of shared directory, you have two options.
- At a minimum, give
traverse folder / execute file
permissions to the root of the share and all parent folders of the subfolder you wish to grant access to.- If you wish, you can deny (or not grant) the
list folder / read data
permissions to other subfolders in the share.- We do this for our redirected user My Documents folders, so every user can access
\\DFSroot\Users\
, but can only see or access\\DFSroot\Users\[their username]\
. The value of prohibiting people from even seeing the other folders is questionable, IMO, but it's not that much extra work either.
- We do this for our redirected user My Documents folders, so every user can access
- If you wish, you can deny (or not grant) the
- Create a new share in the subfolder, grant the desired permissions and access it through that new share.
If you really want to deny traverse folder / execute file
permissions higher up in the directory tree, you have to use option #2. I would argue that #2 is probably the better option in general, because it's more visible and therefore, more likely to get cleaned up after the fact than a group of ACLs that aren't displayed unless you go looking.
Related videos on Youtube
Author by
user208160
Updated on September 18, 2022Comments
-
user208160 over 1 year
Server 2008 R2 VM as a member server set up as a file server.
Situation: We have a contractor that needs read access to a nested folder in a shared directory in a domain environment. How do I go about allowing that user access to files in a share directory while removing traverse rights?
-
user208160 over 10 yearsScratch that, traverse needs to be there. Thanks MDMarra
-