Out of sight is out of mind!!!
Me again...this is slightly off topic so I'll apologise in advance. I'm still trying to deploy AD file security though!
A problem I'm trying to solve is that of hiding parts of the Active Directory file system which users do not have permission to access.
I want to have a top level directory called 'Departments' and beneath that I want to put a folder for each respective department in the Company. Some users only have access to one Department while others have access to many. I want to map the 'top' level to a fixed drive letter for the whole Company and have users see only those directories for which they have access.
This is the problem...In order to map the top level I have to either set it as a DFS root or create a share. This automatically gives ALL users access to SEE every folder within the share, even if they don't have access rights to drill down further. I do not want this. Under Netware this doesn't happen as you do not need security/access rights to have a drive mapping, only to see the files/folders BELOW the mapped point.
I have found a 3rd party product by Scriptlogic called 'Cloak' that will do exactly what I want. It sits on the server and intercepts ALL AD requests for file access. If a user does not have access to a resource it doesn't pass the info on to AD. It's very neat but I cannot figure out why I can't do this using Microsoft's so-called 'superior' OS.
If there's another way I'd be very grateful if someone could help. I prefer not to have to deploy 3rd party apps if possible.
Thanks in advance
Mike