Network share folder struture and how to hide it???

Help please, I’m in need of an 2k guru me thinks. I’m putting a new 2k Srv box live and have come across a potential problem while moving data from our existing Novell server to the new folder structure.

Windows Networking 2246 This topic was started by ,


data/avatar/default/avatar28.webp

2 Posts
Location -
Joined 2003-06-30
Help please, I’m in need of an 2k guru me thinks.
 
I’m putting a new 2k Srv box live and have come across a potential problem while moving data from our existing Novell server to the new folder structure. I have created user home folders, dept shares and a transit share location, the problem is even tho users don’t have access rights to certain folders they can still list them.
 
Ie.
 

Code:
p:\share\dept\accounts                directors              hr              managers              r&d                       shopfloor              technical              …p:\share\users\joe.bloggs              john.smith              del.trotter             …p:\share\temp\     
 
The folder p:\share is shared and mapped to a single drive letter on the client PCs (they’re simple folk who don’t understand how to use more than one network drive), using a combination of share permissions and NTFS permissions I have the actual data within the folders locked down tight.
 
The problem for me is because the users have read/list rights @ the root of the share they get to see the 1st / 2nd level directory structure even if they can’t access the subfolders their not entitled to. Under Novell this wasn’t a problem because if a user has no rights to a folder it simply doesn’t appear in their folder list which was great. Currently although a std user can’t access the directors folder, the fact they know of it may tempt them into trying to gain access, altho this shouldn’t be a problem unless a directors / admin login is compromised. But you try explaining to a non-techie director / senior manager the fact that although a user can see it, it poses little or no security risk. I have considered sharing each folder a user would need then mapping each share to a drive letter on the client PCs, but this becomes very impractical when several mappings are required and when people are used to a single drive letter with all there accessible shares on it. I did look at using DFS, then I looked at how DFS worked and giggled
 
I do hope there is something simple (or not so simple) I’m missing here, I am by no means a 2kSrv wiz kid but I am very familiar around the OS and this has me stumped.
 
Welcome any suggestions (except sticking with Novell ).
 
Thanks
 
Ps. Been a lurker here for a while so big thanks to the many helpful posters

Participate on our website and join the conversation

You have already an account on our website? Use the link below to login.
Login
Create a new user account. Registration is free and takes only a few seconds.
Register
This topic is archived. New comments cannot be posted and votes cannot be cast.

Responses to this topic


data/avatar/default/avatar05.webp

748 Posts
Location -
Joined 2001-05-21
It would be easiest to create separate shares for each folder - if you append the share name with the dollar sign ($), this will mean that your users will not be able to browse to the folder through Network Neighbourhood/Network Places.
 
You could use login scripts to map the drives...
 
Just a couple of thoughts
Rgds
AndyF

data/avatar/default/avatar28.webp

2 Posts
Location -
Joined 2003-06-30
OP
Thanks Andy, it's something i've considered but several users require lots of access so it's not practical due to having lots of mappings.
 
So far the best i've come with is nesting the users under there own dept. folder, not ideal but it stops prying eyes further up the folder structure. I'm still amazed that M$ can't provide a similar solution to our aging Novell 4 server, maybe when DFS is developed further it will be the answer to my question but not yet at least .