/build/static/layout/Breadcrumb_cap_w.png

Out of sight is out of mind!!!

Me again...this is slightly off topic so I'll apologise in advance. I'm still trying to deploy AD file security though!

A problem I'm trying to solve is that of hiding parts of the Active Directory file system which users do not have permission to access.

I want to have a top level directory called 'Departments' and beneath that I want to put a folder for each respective department in the Company. Some users only have acess to one Department while others have access to many. I want to map the 'top' level to a fixed drive letter for the whole Company and have users see only those directories for which they have access.

This is the problem...In order to map the top level I have to either set it as a DFS root or create a share. This automatically gives ALL users access to SEE every folder within the share, even if they don't have access rights to drill down further. I do not want this. Under Netware this doesn't happen as you do not need security/access rights to have a drive mapping, only to see the files/folders BELOW the mapped point.

I have found a 3rd party product by Scriptlogic called 'Cloak' that will do exactly what I want. It sits on the server and intercepts ALL AD requests for file access. If a user does not have access to a resource it doesn't pass the info on to AD. It's very neat but I cannot figure out why I can't do this using Microsoft's so-called 'superior' OS.

If there's another way I'd be very grateful if someone could help. I prefer not to have to deploy 3rd party apps if possible.

Thanks in advance

Mike

0 Comments   [ + ] Show comments

Answers (0)

Be the first to answer this question

Rating comments in this legacy AppDeploy message board thread won't reorder them,
so that the conversation will remain readable.
 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ