Folder Security vs NTFS permissions

[Guest]

I have a folder I'm placing on each server called Updates. I'm sharing the
folder. I want to set up permissions so only Admins can map to it.
Furthermore I don't even want regular users to be able to see that the file
exists. What combination of share level and NTFS do I need to use.

I have another folder called Reports that admins need to map to you. What
share level and ntfs need to be used so only the admin group can map to and
access it. I don't care if other users can see the folder.

 

[Bruce Chambers]

I have a folder I'm placing on each server called Updates. I'm sharing the
folder. I want to set up permissions so only Admins can map to it.
Furthermore I don't even want regular users to be able to see that the file
exists. What combination of share level and NTFS do I need to use.

I have another folder called Reports that admins need to map to you. What
share level and ntfs need to be used so only the admin group can map to and
access it. I don't care if other users can see the folder.

Name the folder "\Update$." The dollar sign ($) appended to the name
makes it a hidden share that only administrators can see. Under folder
shares and permissions, add the users and/or groups that you want to be
able to access the folder, ensure that you, at least, have full control,
and give others the Read & Execute and List Folder Contents permissions,
and then remove the Everyone group.

--

Bruce Chambers

Help us help you:



You can have peace. Or you can have freedom. Don't ever count on having
both at once. - RAH

 

[Rebecca Chen [MSFT]]

Hello,


I believe Bruce has provided the great points!

However, I would like to add one sent is that administrators are also
unable to see the shares followedby $ sign. Hidden shares are not listed
when you look through the shares on a computer or use the net view command.
For example, if you share update$ folder, you need to know this fold and
use \\192.168.0.1\update$ to view update folder.

About the hidden share, please refer to the following article:

How to create and delete hidden or administrative shares on client computers
http://support.microsoft.com/default.aspx?scid=kb;en-us;314984

If you have any questions or updates, please feel free to post back.


Best regards,

Rebecca Chen

MCSE2000 MCDBA CCNA


Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security

=====================================================

When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.

=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

 

[Michael Bednarek]

I have a folder I'm placing on each server called Updates. I'm sharing the
folder. I want to set up permissions so only Admins can map to it.
Furthermore I don't even want regular users to be able to see that the file
exists. What combination of share level and NTFS do I need to use.

I have another folder called Reports that admins need to map to you. What
share level and ntfs need to be used so only the admin group can map to and
access it. I don't care if other users can see the folder.

Bruce Chambers already pointed out that share names with an appended $
are invisible.

But I don't quite see the point of sharing/mapping when it's only for
Domain Admins. They can simply use the UNC (\\server\C$\Updates\); works
both in Explorer and CMD.EXE - although in the latter not for the CD
command; but that works in at least one other CLI: 4NT.