Access based enumeration in Server 2012
Whistlestop
Member Posts: 20 ■□□□□□□□□□
in Off-Topic
I would be grateful for some help with a file sharing issue I have.
I am running Server 2012 r2 and a couple of Win 7 VMs in Virtualbox in order to get more familiar with a domain server environment. I created a folder entitled "K Drive" on the root of C on my Server. I then created a couple of sub folders called HR, Operations
On the K drive, I implemented Shared access to everyone and then used NTFS permissions on the sub folders so that access is as follows:
HR folder has read/write/modify access by staff in the "HR group"
Operations has read/write/modify access by staff in the "operations group"
When a member of the HR group logs in, they click on "My computer" and see that the K drive has been mapped. Opening up this folder shows the two sub folders HR and Operations. They can only read/write to the HR folder which is great. If they try opening the "Operations" folder an error is generated saying that they do not have access (this is as intended)
Same applies to the Operations group of people who can only access the operations folder.
I would now like to go one step further with my scenario and implement an additional feature which prevents folders which groups or users seeing a folder they do not have access to. I read about "Access Based Enumeration" and I have enabled this for the folders in File and storage services>shares. Logged the users out/in but still they are seeing all the folders in the K drive.
Can anyone help me fix this issue please?
I am running Server 2012 r2 and a couple of Win 7 VMs in Virtualbox in order to get more familiar with a domain server environment. I created a folder entitled "K Drive" on the root of C on my Server. I then created a couple of sub folders called HR, Operations
On the K drive, I implemented Shared access to everyone and then used NTFS permissions on the sub folders so that access is as follows:
HR folder has read/write/modify access by staff in the "HR group"
Operations has read/write/modify access by staff in the "operations group"
When a member of the HR group logs in, they click on "My computer" and see that the K drive has been mapped. Opening up this folder shows the two sub folders HR and Operations. They can only read/write to the HR folder which is great. If they try opening the "Operations" folder an error is generated saying that they do not have access (this is as intended)
Same applies to the Operations group of people who can only access the operations folder.
I would now like to go one step further with my scenario and implement an additional feature which prevents folders which groups or users seeing a folder they do not have access to. I read about "Access Based Enumeration" and I have enabled this for the folders in File and storage services>shares. Logged the users out/in but still they are seeing all the folders in the K drive.
Can anyone help me fix this issue please?