NTFS Permissions to Hide Files or Folders

[CTH]

How do I,
Configure NTFS Permissions to Hide Files or Folders from
Unauthorized Users

Novell NetWare administrators can configure permissions so
that users cannot see files or folders in the file system
for which the users do not have Read access by removing
the File Scan (F) permission. Is this type of access
control in the NTFS file system. Therefore, users can view
the contents of any folder for which the user has the List
permission. Removing the List permission for the folder
prevents the user from gaining access to any file in the
folder, and what is needed is the old ability to give a
list, or view yes/no for a user group, maybe in the gpo,
a .adm file, or ntfs acl lists?

Please help
CTH
(e-mail address removed)

 

[anon]

there is no equivalent in NTFS; you can only deny them access to view the
contents, not the mere existence. That's unique to NetWare.


"> How do I,

 

[Kilroy]

There is a 3rd party product which will deliver the solution you're
looking for. It's called "Cloak" and you can get more information here
-> http://scriptlogic.com/cloak (you can even d/l an eval version and
try before you buy).

In my opinion, there are three primary reasons you'd want hide files &
folders in the Windows enterprise (excluding the fact that hiding
subfolders is part of all the other major NOS vendors, including
NetWare and Linux).

1) "out of sight - out of mind" adds a layer of security. Ever hear the
phrase 'curiosity killed the cat'? Some folks will certainly debate
this point, saying that showing someone the door to the safe doesn't
mean it is any easier to gain access to. Counter point being that if no
one knows the safe is there, no one will try to gain access in the
first place. And I guess that is why they sell wall safes and floor
safes for homes, right?

2) The 'streamlined user experience.' If you map drives (or use UNCs)
to get to departmental shares, don't you think a user is more
productive and less confused if they only see the 4 folders they have
access to rather than 30 folders (26 of which they can't access
anyway)?

3) More accurate file system auditing. If you audit your file system
access, hided file & folders will reduce the number of 'false
positives' in your security event log. Now you can actually pay
attention to the 'Object Access - Failure' events since they can't be
chalked up to accidental mouse clicks in Explorer.

 

[Guest]

Very interesting!
But how can I d/l?
I tried but didn't succeed to...

Thank you!