none
Sharing Folders on Windows Server 2003

    Question

  • Good day all,

     

    I am currently setting up a file server and stuck between a hard place and a rock with what I want to do.

     

    I have set my NTFS and Sharing Permissions up perfectly and its very secure and limited and only the users who need access have access. But the problem Im encountering is that I want users only to see folders that they have access to (folders that they cant access they souldnt even see at all as a share).

     

    I have seen it only once before in a big firm where the folders which you shouldnt have access to even, you dont even see! Currently I can see all the shared folders but when I try access one that I dont have permissions it just gives me the error message "Access Denied:Permissions etc etc".

     

    Is anyone familiar with setting this up and how would I go about it?


    MCP, MCSE, MCDST, MCSA, MCT, MCITP:EA, MCITP:CST, A+, N+, CTT+, MCTS, CBP
    Friday, October 22, 2010 9:20 AM

Answers

  • Hi Tim,

    ABE is included in Windows 2003 SP1, so it should still support SP2.

    Would you please do a test, to share a folder1 only to User1, create a subfolder1, enable ABE on it (it should still only be shared to User1). Then go to another computer, logon User2, access \\computer\folder1 to see whether subfolder1 is listed.

    You can get document for ABE in following link:

    Windows Server 2003 Access-based Enumeration

    http://www.microsoft.com/windowsserver2003/techinfo/overview/abe.mspx


    Shaon Shan| TechNet Subscriber Support in forum| If you have any feedback on our support, please contact tngfb@microsoft.com
    Thursday, October 28, 2010 1:21 PM
    Moderator
  • Ok I have managed to get the shares running nicely with different folder structures and have the permissions set perfectly now. No answer really to this other than Access Based Enumeration being the correct answer.
    MCP, MCSE, MCDST, MCSA, MCT, MCITP:EA, MCITP:CST, A+, N+, CTT+, MCTS, CBP
    Monday, November 01, 2010 8:48 AM

All replies

  • Friday, October 22, 2010 11:02 AM
  • Thank you FZB! Thats exactly what Im looking for.

     

    I will mark this as the answer as soon as I get a chance to try this out.


    MCP, MCSE, MCDST, MCSA, MCT, MCITP:EA, MCITP:CST, A+, N+, CTT+, MCTS, CBP
    Monday, October 25, 2010 7:59 AM
  • Ok I have finally got down to installing ABE and no success this far.

     

    Im running Windows Server 2003 R2 SP2 and I get the ABE tab under the shared folders properties. Even when I enable ABE on the shared folder I am still able to see it even though I cannot access the folder.

    Hmm I have read and seems ABE is for Server 2003 R2 SP1 or lower. Is this the issue? If so how do I accomplish what I need done?

     

    Thank you for your help.


    MCP, MCSE, MCDST, MCSA, MCT, MCITP:EA, MCITP:CST, A+, N+, CTT+, MCTS, CBP
    Thursday, October 28, 2010 10:41 AM
  • Hi Tim,

    ABE is included in Windows 2003 SP1, so it should still support SP2.

    Would you please do a test, to share a folder1 only to User1, create a subfolder1, enable ABE on it (it should still only be shared to User1). Then go to another computer, logon User2, access \\computer\folder1 to see whether subfolder1 is listed.

    You can get document for ABE in following link:

    Windows Server 2003 Access-based Enumeration

    http://www.microsoft.com/windowsserver2003/techinfo/overview/abe.mspx


    Shaon Shan| TechNet Subscriber Support in forum| If you have any feedback on our support, please contact tngfb@microsoft.com
    Thursday, October 28, 2010 1:21 PM
    Moderator
  • Good day Shaon,

    I have done as you have explained and the problem with this, is that if user 2 doesnt have access to Folder1, he cant check to see the SubFolder1.

     

    I have played around with this idea you have presented but still no luck with getting ABE to work correctly. If you dont mind please could you explain what the NTFS/Share permissions should be for the folders respectively.

     

    Thank you for your help.

     


    MCP, MCSE, MCDST, MCSA, MCT, MCITP:EA, MCITP:CST, A+, N+, CTT+, MCTS, CBP
    Thursday, October 28, 2010 2:50 PM
  • Hi Tim,

    Sorry for my previous steps. Folder1 should be shared to Everyone and subfolder1 should be shared to only User1. Then using User2 to access folder1 while ABE is enabled on Subfolder1.

     


    Shaon Shan| TechNet Subscriber Support in forum| If you have any feedback on our support, please contact tngfb@microsoft.com
    Friday, October 29, 2010 1:09 AM
    Moderator
  • Greetings Shaon,

     

    I have tried exactly what you have asked and still no luck. I have read up and seems a lot of people running SP2 run into this problem and its quite a serious problem for me as I need to share User Folders and want them to only see their own. If you could please advise anything else I can try I will then proceed.

     

    Thank you.


    MCP, MCSE, MCDST, MCSA, MCT, MCITP:EA, MCITP:CST, A+, N+, CTT+, MCTS, CBP
    Friday, October 29, 2010 6:35 AM
  • Ok I have managed to get the shares running nicely with different folder structures and have the permissions set perfectly now. No answer really to this other than Access Based Enumeration being the correct answer.
    MCP, MCSE, MCDST, MCSA, MCT, MCITP:EA, MCITP:CST, A+, N+, CTT+, MCTS, CBP
    Monday, November 01, 2010 8:48 AM