Directory security - what's needed for USER priv's?

[Bob]

Need some advice on setting permissions....

I want to let USERS on a win2003 server access a folder on a
non-system hard drive. However, I don't want them to have access
to anything else on the drive, just that particular folder. The
folder is right off the root of the drive and they should have
access to that folder and anything below it.

I know how to give them access (full control) to the folder. But, what
(minimal) permissions do I need to give them to the root of the drive
to get them to that folder ?

Thanks,

 

[Roger Abell [MVP]]

Need some advice on setting permissions....

I want to let USERS on a win2003 server access a folder on a
non-system hard drive. However, I don't want them to have access
to anything else on the drive, just that particular folder. The
folder is right off the root of the drive and they should have
access to that folder and anything below it.

I know how to give them access (full control) to the folder. But, what
(minimal) permissions do I need to give them to the root of the drive
to get them to that folder ?

Thanks,

They need no permissions at the root (or anywhere in the parental
path) if
- they are in a group that is granted the Bypass traverse check user right
- they are not going to navigate to the folder by clicking down from above
such as in Explorer
If you do want then to browse to the folder through the parental chain then
List would be the normal grant on the parent folders.

If you were speaking about remote access instead of local, then a share
level grant of Full is needed if you do really want them to exercise any of
the NTFS Full grant you say was given to the specific folder.