2
0
A network shared folder KAISHA contains a bunch of folders
- Accounting
- IT
- Management
- etc...
The shared folder is hosted by a Linux / Samba4 machine, that serves Active Directory as well.
Clients are Windows 7+.
All of that works fine.
However, only accounting people have access to Accounting, only IT people have access to IT etc...
But, everyone sees all the below folders when connecting to KAISHA, even though they may not have an access inside.
It would be better to see only the folders to which one has access.
Question: is there a setting in Active Directory / Folder sharing / Folder permissions to only show a folder to people having at least Read access to it?
Ring Ø
Posted 2015-06-29T15:56:22.427
Reputation: 483
You may be able to grant "Traverse Folder" on "KAISHA" but not "List Folder". This should make it so they can't see the directories, though they likely won't be able to see their own directory either (they must know the name to get to it). – ssnobody – 2015-06-29T22:06:14.317
This is called Access-based Enumeration, by the way. – Daniel B – 2016-01-01T16:51:22.463
1@Ringo . . . You say
only accounting people have access to Accounting, only IT people have access to IT etc...based on these words, there will NEVER be an instance where some one person will need access to more than one directory beneath thisKAISHAshare. If that is the case, then you can have these people's mapped drives map to the applicable departmental subfolder rather than the share. If there are cases where that's cross departmental for some, then that may not work. Not sure how you're mapping the drives on the Windows PCs like login script, group policy preferences, etc. – Pimp Juice IT – 2016-01-03T06:09:18.703