Oh the good old days of Netware! Reboot server once a year.
On Wed, 15 Nov 2017, Bud Durland wrote: > [Nostaligia mode on] > Netware: > Right click on target folder > add user & set permissions > click OK > done. No worries about access/visibility of files folders higher in the tree. > [Nostalgia mode off] > > > Bud Durland???? | ????Director of Information Technology > Direct: 518.324.4850 | Cell: 518.726.0967 | Fax: 518.561.0017 | > [email protected] > 1 Plant St., Plattsburgh, NY 12901 > Website??|?? Twitter??|?? LinkedIn??|?? YouTube > > -----Original Message----- > From: [email protected] [mailto:[email protected]] > On Behalf Of Michael Leone > Sent: Tuesday, November 14, 2017 11:51 > To: [email protected] > Subject: [NTSysADM] Accessing only a lower level folder in a share > > It's been so long since I've had to do this, I need a check. I'm doing > something fundamentally wrong, I think. > > We use groups to set share/ACLs on folders. I got a request to share a > 4th level sub-folder with other employees not in the ACL. So what I > have is: > > Folder A1 (shared) > -->>B2 > -->>C3 > -->> D4 (this is the one I want to allow access to) > > Now, the share permissions on A1 is for DevelopmentGroup, and the NTFS > permissions are the same. Those permissions just flow down to B2, C3 > and D4 (i.e., normal inheritance). > > Now, I'm pretty sure the only way to allow access to only D4, and not > allow access to B2 and C3 or even see files there, is to enable ABE. > But I've never done that, and am leery of enabling it in production, > without a whole more testing and forethought (I shudder to think of > all the help desk calls, if I get something wrong). > > Am I correct that only ABE will do what I am thinking of (allow access > only to D4 and hide contents of A1, B2, C3)? > > Barring ABE, there's nothing I can do, short of granting a new group > access to D4, and living with the consequences? > > Thoughts? At this point, I want to just add the new group to the NTFS > permissions of D4 only, and live with the fact that these new group > members can see everything higher up. > > > > > NOTE -- This message contains legally privileged and confidential information > and is intended only for the individual named. > If you are not the named addressee you should not disseminate, distribute or > copy this e-mail. > Please notify the sender immediately by e-mail if you have received this > e-mail by mistake and delete > this e-mail from your system. Thank you. > > >
