I need to setup a shared folder so that users can create subfolders and files but must not see files/folders created by other users. I tried setting Traverse Folder (only permission given) to the main folder and write permission to subfolders/files, but users are unallowed to access main folder. Any ideas?
Asked
Active
Viewed 428 times
-1
-
https://technet.microsoft.com/en-us/library/dd772681(v=ws.10).aspx – Harry Johnston Aug 12 '16 at 01:29
-
But note that it doesn't usually make sense to give users write access but not the ability to view other people's filenames. They'll still be able to tell what the filenames are, at least potentially, because if they try to create a file with the same name they won't be able to. – Harry Johnston Aug 12 '16 at 01:31
-
(As for traverse folder access, that only works if you're manipulating the folder from software or via the command line. The GUI doesn't support it.) – Harry Johnston Aug 12 '16 at 01:31
1 Answers
0
It was something related to Access-based Enumeration. I checked that ABE was enabled on the main share and I thought it would be kind of recursive.
When I shared the subfolder, I used the advanced sharing in windows explorer but, reading the technet:
Windows Explorer enables access-based enumeration on shared folders by default
On a computer that is running Windows Server 2008, access-based enumeration is enabled by default on every folder that is shared by using the File Sharing feature. (This is the default sharing feature that is available through Windows Explorer). However, access-based enumeration is not enabled by default on the following types of shared folders: Shared folders that are created with Share and Storage Management, Advanced Sharing in Windows Explorer, or the net share command
Gotrekk
- 494
- 2
- 15