Restricting People Seeing Available Directory SHARES

[MarkDicken]

He is a good one ...

I have a number of Directory Shares on out NT 4.0 Server. I have setup correctly who has read and modify access rights.

Now what would be really good is to let the SALES department see only the SHARES that are applicable for them and likewise for other departments.

This was managed ok min OLD Novell and I think what I'm asking for cannot be done ... does anyone have the answer (or a good workaround)

Many Thanks In Advance ...

Regards

Mark Dicken, MCSE
England, Unkited Kingdom

markd@trainingserve.com

 

[yizhar]

HI!

You can create in NT/2000 hidden shares with the $ symbol like:

SALES$

and then use login scripts of other techniqe to map clients drives to the hidden shares (same as mapping to normal shares).
This will require some reconfiguration ofcourse.
This way you can hide all the shares you want.
It is not exactly what you asked for but it may answer your needs.

Ofcourse you still have to manage the permisions - remember that in MS servers you have both SHARE and NTFS permissions.
My advice is to set both to let only the permitted groups access through.

Also remember that NT4 NTFS permissions do not have good inheritance techniqe like in Netware or Win2000.
You may use my free utility "Permiter" (see link below) to help with NTFS permissions implementation.

http://teachers.sivan.co.il/yizhar/#NUTS

Bye
Yizhar
Yizhar Hurwitz

http://come.to/yizhar

http://teachers.sivan.co.il/yizhar

 

[MarkDicken]

Yizhar

Your advice is great ('Thankyou'), but things generally get done 'slowly' at the present company I am working for. (their speed not mine)

Your Solution is more of a Final Solution for us rather then a Stepping Stone in the right direction towards our final goal.

Does anyone else have an alternative solution the the original posting.

Many Thanks In Advance ...

Regards

Mark Dicken, MCSE
England, United Kingdom

 

[MarcS1]

You cant to my knowledge restrict people from actually seeing a share if they browse the server. As you mentioned this is default behaviour for Netware but cant be done with a standard NT installation. If there is a way of doing it let me know.

Should have stuck with the Novell : )

 

[yizhar]

HI!

Well, you can share a parent folder/drive to all users, and the use NTFS permissions to allow each department only to see their folders.
This is quite like in Netware.

This way you have only 1 share for everyone (like a Netware Volume) and list access permissions on sub folders like Netware trustees.

However for this you will also need some reconfiguration - and the main thing is that for my opinion you won't get much benefit since your current configuration or my previous post seem better FMHO.


Bye

Yizhar
Yizhar Hurwitz

http://come.to/yizhar

http://teachers.sivan.co.il/yizhar

 

[Jpoandl]

The only thing I can think of is something like this: (and this is not a good solution)

On each server have 3 or 4 (or however many depts. you have) main shared directories:

- f:\IS Dept
- f:\human resources
- f:\general share
- f:\management

Place all related information below each shared directory.

Place permissions so that only IS Dept users can access the IS dept share, only Human Resources member can access the HR shares....etc

Now, it is only after the user enter's thier share, can they see the information located below.

This will force you to re-structure your whole share structure. I wouldn't do this. Instead, I would tell my users that they will be able to see some share that they will not have access to.....deal with it!

In general, I try to create logon scripts so that the users will have access to the shares that they use. For example, I create logic in my logon scripts so that when members of the Finance department logs into the network, they get 2 Finance drives automatically mapped and one general drive mapped. This logic helps me control access for the end users.



Joseph L. Poandl
MCSE 2000