1

I have a data server where users login with there credentials \\myserver.me.com\users\ and then inside it there is a folder for each user e.g Tom-Hanks-user1 is a folder for a user Maggie-Bryan-user2 is another folder for another user and so on. Now when a user login they have access to only their folder but they can still view and see the other users folders but cannot access it. I wonder how I can make the logged in user only see his folder without even seeing the other users folders?

I have a group for my users named my.users and the permissions of this group to the parent folder "users" is shown below: enter image description here

And below is the permissions for the user Tom Hanks to his folder Tom-Hanks-user1: enter image description here

But now when user Tom Hanks logins in he have full access to his folder but he can view a folder named Maggie-Bryan-user2 under the users folder, and I wonder how I can disable this where he can view and have access to only his folder and other users folders will not be visible to him?

Improve this question
5
  • Why, do you want to do this, just hiding the folder does nothing since they could just guess the folder name. Getting rid of “list folder” and all “read” permissions probably would do it.
    – Ramhound
    Commented Feb 2, 2023 at 14:21
  • The safest solution would be to give each user his own network share, only on his own folder.
    – harrymc
    Commented Feb 2, 2023 at 14:31
  • @harrymc - That’s already being done based on the description
    – Ramhound
    Commented Feb 2, 2023 at 14:45
  • @Ramhound: It looks like the poster has only one network share, but gave each user a pointer to his own folder. That's not what I meant.
    – harrymc
    Commented Feb 2, 2023 at 14:49
  • @harrymc - Your expanded explanation makes more sense.
    – Ramhound
    Commented Feb 2, 2023 at 15:18

2 Answers 2

Reset to default
1

The base NTFS and SMB file permissions don't support this. If a user has List folder / read data permission on the /Users/ folder, then they will be able to see the names of each child item, whether or not they have access to that item's contents.

There is a feature for windows server DFS Namespaces called Access Based Enumeration. This does hide child folders where your user doesn't have Read permissions, and is typically used for this exact case of user folders. The server has to check each folder's permissions against the user, so once you start to get up into the 10,000 folder range, it can start to take quite a bit of server CPU time.

Improve this answer
0

In normal server use, user can see what folders and files, but standard permissions prevent unauthorized persons from opening files.

This has pros and cons depending on the exact file organization.

Just make sure proper permissions are always in place. This will prevent issues.

Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .