Hiding files/folder shares from users
-
Here's a decent guide from Spiceworks. He does it the same way I do with a top-level share that has ABE enabled and the folders are all underneath this with the appropriate NTFS permissions.
https://community.spiceworks.com/how_to/45158-configure-access-based-enumeration-server2012
In this scenario, you just map out the same top-level share to everyone's computer via UNC logon script or whatever your method. Then as users need to access something in that share (in your case Folder 1, Folder 2, Folder 3, Folder 4) they just open the top-level share and whatever they have access to they see.
For instance, create a "Data" folder underneath E:. Enable ABE on the Data folder and either disable inheritance here, or you can just disable inheritance on the subfolders as necessary. Then go into the subfolders (Folder 1, Folder 2, etc.) and set the appropriate NTFS permissions. Now everyone accesses their info via one shared folder "Data" but still see only what they need to see. Not a cluster of shares all over the place.
E:\Data\Folder 1
E:\Data\Folder 2
E:\Data\Folder 3
E:\Data\Folder 4When a user accesses E:\Data\ they'll be greeted with whichever folders they have permissions to.
-
@zachary715 better fact check ANY how-to from over there. A quick glance at the comments seems to imply that the how-to is not the easiest way to go at this, and simpler suggestions are offered. But I've never set this up personally... just reminding everyone how much bad info there is on SW.
-
@rojoloco said in Hiding files/folder shares from users:
@zachary715 better fact check ANY how-to from over there. A quick glance at the comments seems to imply that the how-to is not the easiest way to go at this, and simpler suggestions are offered. But I've never set this up personally... just reminding everyone how much bad info there is on SW.
I was hoping the instructions I gave in addition to the screenshots the SW How-To provided would help @Joel out in discovering his issue. I definitely do not intend for him to follow that How-To exactly.
-
@zachary715 said in Hiding files/folder shares from users:
@black3dynamite said in Hiding files/folder shares from users:
@zachary715 said in Hiding files/folder shares from users:
@joel There's a piece missing then. Are you applying ABE on each individual folder, or are you doing it at the top level?
We have it setup such as we have two shares...
D:\Share 1
D:\Share 2ABE is applied to both of these shares. Share permissions are Everyone - Full Control. NTFS is Admin - Full and Users - Read Only. We have run into issues where users accidentally moved a subfolder or added a file at this level. We're small enough that I can manage these so I set it to read-only so people can't accidentally delete a subfolder.
The majority of our users use D:\Share 1\Subfolder. So we might have for instance...
D:\Share 1\Accounting
D:\Share 1\Purchasing
D:\Share 1\Sales
D:\Share 1\IT DeptSo at this point, I'll go in and set the NTFS permissions on each of these subfolders for who should be able to view and access these shares. I'm only applying ABE on the shares themselves at the top level and then setting specific NTFS on the subfolders. So now when salespeople access the share, they only see D:\Share 1\Sales and nothing else.
Hopefully this helps.
Do you have users read only set to โThis folderโ?
Since you quoted me I'm assuming this question was directed at me, but I'm not following exactly what you're asking.
If everyone has read access to Folder1, then ABE won't make it disappear for anyone, because ABE sees that everyone has read, so they must be allowed to see the files.
-
I did follow the guide exactly and im still able to see the folders i dont want to see
I'm sure its something simple! -
@joel said in Hiding files/folder shares from users:
I did follow the guide exactly and im still able to see the folders i dont want to see
I'm sure its something simple!Are you using DFS Namespace?
-
@joel said in Hiding files/folder shares from users:
I did follow the guide exactly and im still able to see the folders i dont want to see
I'm sure its something simple!you willing to show us a snip of your folder structure? and a snip of the NTFS permissions of the top few folders?
-
I've just deleted everything so my E:\ directory so it's now empty...Willing to start right from the top...
Step1 - Create a folder called SHARED (E:\Shared) and then under properties > Share > Advanced sharing, will call it 'Shared' and give Everyone Full control.
Step2 - I'll then go to security tab > advanced and disable inheritance (converting to explicit objects) and then remove the local users accounts
Step3 - Whilst in advanced security, I'll add in a new principle (Domain Users) to 'this folder only' and apply advanced permissions (list folder/read data)
So far so good? Whats next as i think i go wrong from here!
Step 4 - Create the sub folders under E:\Shared
ie. E:\Shared\Folder1
E:\Shared\Folder2
E:\Shared\Folder3Note: I've created my security groups and put the relevant users in them already so they are on standby.
What permissions can/should I apply to each sub folder?
-
Let's assume you create a group called Folder1 and you want them to have full control.
You need to set the Security settings to Full Control to Folder 1 group and nothing else should be listed.
-
Thats precisely what i've done but yet I can still see Folder 2 (although dont have permissions to open it) it's still visible though!
-
@joel said in Hiding files/folder shares from users:
Thats precisely what i've done but yet I can still see Folder 2 (although dont have permissions to open it) it's still visible though!
I'd say that ABE isn't working or enabled then.
-
@joel said in Hiding files/folder shares from users:
Thats precisely what i've done but yet I can still see Folder 2 (although dont have permissions to open it) it's still visible though!
Are you viewing the share from your account or different account?
-
I just checked this on my own server (I didn't have ABE enabled, I clicked box and poof, one folder on my share I don't have any permissions for vanished).
-
@joel said in Hiding files/folder shares from users:
Thats precisely what i've done but yet I can still see Folder 2 (although dont have permissions to open it) it's still visible though!
OHH and you need to be looking through the share connection, not through the folder structure on the server itself (made that mistake before too).
The folder structure will also ways show you (well, almost always).
-
@dashrender said in Hiding files/folder shares from users:
@joel said in Hiding files/folder shares from users:
Thats precisely what i've done but yet I can still see Folder 2 (although dont have permissions to open it) it's still visible though!
OHH and you need to be looking through the share connection, not through the folder structure on the server itself (made that mistake before too).
The folder structure will also ways show you (well, almost always).
THATS WHERE THE PROBLEM IS!!! if ii browse to \SERVER\Shared I can only see the folder I want!
However, i'm actually using a remote app (excel) and when I go to File>Open>E:\Shared, I can see the folder!
-
@joel said in Hiding files/folder shares from users:
@dashrender said in Hiding files/folder shares from users:
@joel said in Hiding files/folder shares from users:
Thats precisely what i've done but yet I can still see Folder 2 (although dont have permissions to open it) it's still visible though!
OHH and you need to be looking through the share connection, not through the folder structure on the server itself (made that mistake before too).
The folder structure will also ways show you (well, almost always).
THATS WHERE THE PROBLEM IS!!! if ii browse to \SERVER\Shared I can only see the folder I want!
However, i'm actually using a remote app (excel) and when I go to File>Open>E:\Shared, I can see the folder!
Have you tried reopening excel and then go to E:\Shared to see if the folder is not there?
-
Yes, it is 100% visible. I've even logged onto the server via RDP and can see the folder there. However, it ISNT there when I browse to \Server\Shared. Of course I dont want to see the folder in any case as I dont have permission to it! I only want to see the folders I do have access to!
-
@joel said in Hiding files/folder shares from users:
Yes, it is 100% visible. I've even logged onto the server via RDP and can see the folder there. However, it ISNT there when I browse to \Server\Shared. Of course I dont want to see the folder in any case as I dont have permission to it! I only want to see the folders I do have access to!
Try rebooting - not that I needed to. I just checked on my missing folder (research folder in my case) and it's still not listed when I browser through Excel.
-
@joel said in Hiding files/folder shares from users:
Yes, it is 100% visible. I've even logged onto the server via RDP and can see the folder there. However, it ISNT there when I browse to \Server\Shared. Of course I dont want to see the folder in any case as I dont have permission to it! I only want to see the folders I do have access to!
I'm not sure it possible to hide folders if you have access to it locally.
-
Where are you launching Excel from? Inside the RDP session? if yes, it will suffer the same issue as local browsing, unless you specifically tell Excel to look at \\server\share\ etc.
