Click here to get back home

Restricted file access
 HomeNewsGroups | Search | About
Login Password
Register Now!
 microsoft.public.windows.server.security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content
Subject Author Date
Restricted file access Todd 04-01-2008
Posted by Al Dunbar on April 1, 2008, 7:43 pm
Please log in for more thread options
 We typically permit folders to groups where the folder name is either that
of the group or something quite arbitrary. If we were going to acquire
company ABC, a folder as suggestive as "Imminent Acquisition of ABC" might
exist, but would most likely be placed within a folder permitted to allow
only those authorized to see it.

Our typical user does not realize that he can determine the access rights of
others to files he maintains on a share. Why anyone would create such a
sensitively named folder in a folder in which others may see some of the
contained folders, I have no idea.


/Al

> Its a good question. It is one of those things that has been the case for
> a long time. I guess it is really only a problem if you use folder names
> like "Imminent Acquisition of ABC". I am guessing it uses a lot of
> resources to enumerate the access before displaying the tree,
> Anthony,
> http://www.airdesk.co.uk
>
>
>
>
>> That sure looks like it will do the job. I wonder why MS doesn't just
>> include it as part of the OS.
>>
>> Todd
>>
>>> Hi Todd,
>>> That's Access Based Enumeration, ABE.:
>>> http://www.microsoft.com/windowsserver2003/techinfo/overview/abe.mspx
>>> Anthony,
>>> http://www.airdesk.co.uk
>>>
>>>
>>>> We recently migrated from a Netware environment and are having some
>>>> issues with the differences between how Netware and Windows handle file
>>>> and folder permissions. We have a top level folder that everyone has
>>>> access to, and subfolders with restricted permissions. In Netware, if
>>>> there were 50 subfolders, but you only had access to 2 of them, when
>>>> you browsed to the subfolder level, you would only see 2 folders. In
>>>> Windows, even though you may not be able to open the files inside, you
>>>> still see all 50 folders. Is there any way to configure permissions in
>>>> Windows to get behavior more like we had in Windows?
>>>>
>>>
>>>
>>
>>
>
>



Posted by Anthony [MVP] on April 1, 2008, 9:02 pm
Please log in for more thread options
 I agree,
Anthony,
http://www.airdesk.co.uk


> We typically permit folders to groups where the folder name is either that
> of the group or something quite arbitrary. If we were going to acquire
> company ABC, a folder as suggestive as "Imminent Acquisition of ABC" might
> exist, but would most likely be placed within a folder permitted to allow
> only those authorized to see it.
>
> Our typical user does not realize that he can determine the access rights
> of others to files he maintains on a share. Why anyone would create such a
> sensitively named folder in a folder in which others may see some of the
> contained folders, I have no idea.
>
>
> /Al
>
>> Its a good question. It is one of those things that has been the case for
>> a long time. I guess it is really only a problem if you use folder names
>> like "Imminent Acquisition of ABC". I am guessing it uses a lot of
>> resources to enumerate the access before displaying the tree,
>> Anthony,
>> http://www.airdesk.co.uk
>>
>>
>>
>>
>>> That sure looks like it will do the job. I wonder why MS doesn't just
>>> include it as part of the OS.
>>>
>>> Todd
>>>
>>>> Hi Todd,
>>>> That's Access Based Enumeration, ABE.:
>>>> http://www.microsoft.com/windowsserver2003/techinfo/overview/abe.mspx
>>>> Anthony,
>>>> http://www.airdesk.co.uk
>>>>
>>>>
>>>>> We recently migrated from a Netware environment and are having some
>>>>> issues with the differences between how Netware and Windows handle
>>>>> file and folder permissions. We have a top level folder that everyone
>>>>> has access to, and subfolders with restricted permissions. In
>>>>> Netware, if there were 50 subfolders, but you only had access to 2 of
>>>>> them, when you browsed to the subfolder level, you would only see 2
>>>>> folders. In Windows, even though you may not be able to open the
>>>>> files inside, you still see all 50 folders. Is there any way to
>>>>> configure permissions in Windows to get behavior more like we had in
>>>>> Windows?
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>



Similar ThreadsPosted
File Access Audit on File Server June 20, 2007, 4:59 pm
"The process is unable to access the file, because the file is used by another process." October 29, 2005, 5:17 pm
Cannot access file May 31, 2007, 7:25 pm
Monitor File Access February 12, 2007, 12:09 pm
Auditing File Access January 15, 2008, 11:18 am
Audit file/folder access February 12, 2007, 10:52 am
Access denied for a particular file - nothing helps July 24, 2007, 2:18 pm
How do I monitor file access rights on Win2003? May 19, 2006, 2:20 am
How to restrict file access to Domain Computers Only August 27, 2006, 9:55 am
Utility to Summarize User File Access July 17, 2008, 3:50 am

Our other projects:

Art Dolls, Fairies and Mermaids - Sunnyfaces.net

Roy's Linux, Programming and Search Engines messages

1-Script XML SitemapXML Sitemap