Windows Search shows forbidden files

    Question

  • I have a server with Windows 2003 Server R2 fully updated (AD not installed). I made a user group "Office". I defined two explicit rules for a particular folder "OurUserFiles" for this user group:

    First disabling rule for "this folder only":

    Create Files / Write Data;

    Create Folders / Append Data;

    Write Attributes;

    Write Extended Attributes;

    Delete Subfolders and Files;

    Delete;

    Change Permissions;

    Take Ownership.

    Second disabling rule for "Subfolders and files only":

    Traverse folder / Execute File;

    List Folder / Read Data;

    Delete Subfolders and Files;

    Delete;

    Change Permissions;

    Take Ownership.

    And ...

    Every user in the group "Office" accessing the server from their computers can freely look up by wildcard all files in subfolders of "OurUserFiles" with Windows Search and see their names. How is this possible at all? Does Windows Search use some different way to list file names there? What should I do to block it?



    • Edited by SandyAnd Tuesday, December 04, 2012 1:33 AM
    Monday, December 03, 2012 11:43 AM

Answers

  • The problem has been solved. Actually, I left access to files unclosed by mistake. So, in the beginning, it was just "Subfolders only", not "Subfolders and files only" as I mentioned above. It was my mistake, but I never thought that people who are unable to get into some folders would be able to list these folders' content another way. So, I closed access to files and then rebuilt the indices. It's all fine now. By the way, I am unable to find Share and Storage Management in MMC. Windows 2003 Server R2 Standard.
    Thursday, December 06, 2012 4:37 AM
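
    The scope mistake described in this answer (a deny rule applied to "Subfolders only" instead of "Subfolders and files only"), as an added example that is not part of the original thread: a Python sketch that decodes the inheritance flags of each ACE in an SDDL string into the "Apply onto" label and reports deny entries for List Folder / Read Data that reach subfolders but not the files in them. The SDDL strings, the group SID and the read allow entry are constructed sample values, and rights are assumed to be written as hex masks.

```python
import re

FILE_READ_DATA = 0x0001  # "List Folder / Read Data" bit (winnt.h)

# (CI, OI, IO) inheritance flags -> "Apply onto" label in the permissions dialog
SCOPES = {
    (False, False, False): "This folder only",
    (True, True, False): "This folder, subfolders and files",
    (True, False, False): "This folder and subfolders",
    (False, True, False): "This folder and files",
    (True, True, True): "Subfolders and files only",
    (True, False, True): "Subfolders only",
    (False, True, True): "Files only",
}

# ace_type;ace_flags;rights;object_guid;inherit_object_guid;trustee
ACE_RE = re.compile(r"\(([^;()]*);([^;()]*);([^;()]*);[^;()]*;[^;()]*;([^;()]*)\)")

def parse_aces(sddl):
    """Return (type, scope label, access mask, trustee) per allow/deny ACE.
    Assumes rights are written as a hex mask, as in the samples below."""
    aces = []
    for ace_type, flags, rights, trustee in ACE_RE.findall(sddl):
        if ace_type not in ("A", "D"):
            continue  # skip audit and object ACEs
        f = set(re.findall("..", flags))
        key = ("CI" in f, "OI" in f, "IO" in f)
        scope = SCOPES.get(key, "Nothing (inherit-only without CI/OI)")
        aces.append((ace_type, scope, int(rights, 16), trustee))
    return aces

def uncovered_denies(sddl):
    """Deny ACEs on List/Read that reach subfolders but not the files in them."""
    return [(scope, trustee) for t, scope, mask, trustee in parse_aces(sddl)
            if t == "D" and mask & FILE_READ_DATA
            and scope in ("Subfolders only", "This folder and subfolders")]

# Constructed sample data: placeholder SID for the "Office" group.
GROUP = "S-1-5-21-1111111111-2222222222-3333333333-1105"
# Rule 1 (this folder only), rule 2 scoped "Subfolders only", plus a read allow.
MISTAKEN = (f"D:(D;;0xd0156;;;{GROUP})(D;CIIO;0xd0061;;;{GROUP})"
            f"(A;OICI;0x1200a9;;;{GROUP})")
# Same DACL with rule 2 scoped "Subfolders and files only".
FIXED = MISTAKEN.replace("D;CIIO;", "D;OICIIO;")

if __name__ == "__main__":
    for name, sddl in (("mistaken", MISTAKEN), ("fixed", FIXED)):
        print(name, uncovered_denies(sddl) or "deny rule covers files")
```

    A real string to check can be taken from the `Sddl` property that PowerShell's `Get-Acl` returns for the folder.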

All replies

  • Hi,

    Firstly, we are talking about domain accounts.

    Please try enabling ABE in Share and Storage Management.

    You could open MMC, load Share and Storage Management, right-click the shared folder and choose Properties. Click the Advanced button on the Sharing tab and check the box "Enable access-based enumeration". This should help stop listing files that users do not have permission to read.

    Meanwhile, I suggest you remove the Take Ownership and Change Permissions permissions, as these will allow users to give their accounts permission to read files and folders.


    TechNet Subscriber Support in forum | If you have any feedback on our support, please contact tnmff@microsoft.com.

    Wednesday, December 05, 2012 8:46 AM
  • How are things going? Please let us know if there is anything further we can help with.


    Thursday, December 06, 2012 2:28 AM