Is it possbile to prevent a directory from being listed in Windows?

I'm using Windows Home Server 2011 and connecting to it with various Windows 7 version clients.

Suppose I have a shared directory (or server folder) mydir on my WHS box which contains a subdirectory private. When a given client lists the contents of mydir, is it possible to instruct WHS to display private only if the given user is authorized? It's easy enough to prevent access to private but I don't even want it listed.

Note that marking the directory as hidden is not at all what I want to do since that would also force an authorized user to change the viewing state of hidden directoies and files and could be easily undermined by anyone that can list the contents of mydir.

windows-home-server

gvkv

Posted 2011-10-19T17:57:59.833

Reputation: 519

Answers

Using Access Based Enumeration correctly will do exactly what you want (in fact, that's what it's made for), but I'm not having much luck finding good information on usage in WHS 2011 in particular. This blog post indicates all the ways that ABE can be enabled (or not), and this StackOverflow question indicates that ABE is available in WHS 2011.

afrazier

Posted 2011-10-19T17:57:59.833

Reputation: 21 316

1Official description here, and it's available starting with Server 2003 SP1. – user1686 – 2011-10-19T18:09:34.527

Are all the same wizards/snap-ins available in WHS 2011 though? – afrazier – 2011-10-19T18:19:01.500

I don't have experience with Home Server, but Windows file sharing in general does not provide that capability. (EDIT: Looks like Home Server does offer that functionality) If you look at the file sharing permissions, you can assign a user a permission of Read, or Read/Write. That's it. There are a lot more permissions available to local accounts, but even those don't allow to not list a certain folder.

The only thing I can think of that would prevent the user of seeing it would be to use FTP where you can have much finer control over what a user has access to thanks to virtual directories.

One thing that you might want to try is to have a different share folder for regular users versus a private user. The directory for regular users would have all the files. For the private user, you could have another folder that uses junction points (mklink) to point to the main folder, then has the "private" folder separate inside. I'm not sure if using junction points link this would work for SMB, but it might work.

Chris Thompson

Posted 2011-10-19T17:57:59.833

Reputation: 4 765

The only way to hide the contents of a folder from someone is to remove read access to the folder. Once you have read access to a folder then you can see all the members of the folder – whether the user has further access to the individual members or not.

Richard

Posted 2011-10-19T17:57:59.833

Reputation: 8 152

I can hide the contents of the folder indeed, that's not a problem but I like to hide the folder as well since the user can't access or view it anyways. I dug into it on google and think it's called 'Access-based Enumeration' for Windows Server 2003 but can't find it on WHS 2011 :( – None – 2011-09-26T13:53:24.137

@Mark That's a new one on me – only applies to access over shares but that should be OK. The first WHS was derived from Win2k3, so it might work for you. First search hit was http://technet.microsoft.com/en-us/library/cc784710%28WS.10%29.aspx which includes a link to a tool to set this flag (on a share, rather than a folder within that share).

– Richard – 2011-09-26T13:58:22.260

I am just afraid that update only works for Windows Server 2003 and will make my current Windows Home Server 2011 crash. Is that a possibility or can I safely try? – None – 2011-09-26T14:06:38.703

Because at the download page http://www.microsoft.com/download/en/details.aspx?DisplayLang=en&id=17510 it says supported OS Windows Server 2003

– None – 2011-09-26T14:09:16.690

@Mark Have you tried it? It will probably work. – Richard – 2011-09-26T14:15:19.980

I didn't need to install anything. It's just there already but in my language it's translated differently that's why I didn't know it was already there. Thanks for your help. – None – 2011-09-26T14:32:18.597