Article ID : 303758
Last Review : September 30, 2003

Novell NetWare administrators can configure permissions so that users cannot
see files or folders in the file system for which the users do not have Read
access by removing the File Scan (F) permission. This type of access control
is not supported by the NTFS file system. There are currently no plans to
include this functionality in Windows.

My Current Problem and Question:

Currently we are in progress of Migrating from Novell 6.0 to Server 2003. We
have 8 Sites (thus 8 Servers) and each server has its own office and
geographical area.

Here are my current shares for all users

H:=\\Headquarters-dc\Headquarters
I:\\District1-dc\district_1
J:\\District5-dc\district_5
K:\\District6-dc\district_6
L:=\\ jccl-dc\Lewiston
M:=\\fiscal-dc\Fiscal
N:=\\jccn-dc\Nampa
S:=\\jccs-dc\St_Anthony

the above shares are in a global script (in NDS) so that all users map
identically, then with Novell's file permissions we can control what is seen
and not seen and if a user has no permissions to any folders or files on that
server they get a blank directory structure in that share.

As you can see from the summarized Microsoft Article #303758 from approx
2years ago that NTFS would never be as superior as novell in File and Folder
permissions functionality...

I cannot have unauthorized users accessing for example the Human Resources
directory on our Headquarters Drive... but they still have to have access to
the Policies and Forms Directories on that same drive. We do not wish to
reorganize our data layout or change our method of sharing out data (One
drive Letter = one server).

I would like to know if this is still the case on the NTFS Functionality are
there any future changes coming and if so what kind of timeline are we
looking at?
Or Am I stuck looking at reorganizing the way we share out data?
Even 3rd party software that will fill the missing gap from NDS to NTFS at
this point would be great.

Thank you in advance.
Sincerely
Dave

I do not mean to flame anybdoy but it seems like this was come with a
very trollistic manner and is attempting to present the idea that users
can access the files.


If a user does not have read permission and/or is denied readpermission
on a directory then the user may see that directory but that user
cannot browser anything in that directory. This being said, the only
folder they would be able to "see" would be the root folder. Just
because they can see the root folder does not mean they can either a)
browser the folder, b) browser the contents of the folder or c) access
any files/folders inside of the folder.

I think the capability being referenced is such that you can prevent the
ability to see a folder entirely, not just the ability to read it.
That is, take this example: \\server\users
In users we have two folders: Eric and Jane. You want Eric to see only his
folder, and not see Jane's. Before today, you could always prevent Eric from
reading anything within Jane's folder. But if Eric has the ability to read
the users folder (which he probably does, to get to his own) he would see
the existance of the Jane folder.
I think you want to remove the ability to even see the Jane folder is
present.

Is this correct?

If so, this has been added in Windows Server 2003 SP1 (due out soon). If you
want to test it immediately, go ahead and download the server 2003 SP1
release candidate (the "final beta build" if you will) and try it. It is
documented in the SP1 docs as well.

~Eric

Show quoteHide quote

Alias a UNC Host Name in Server 2003
Group policy
Process limit for Win2k Service
Does anybody have the URL to download W2000 server service pack 3?
Question about setting up a print server
Formatting a single partition on a multiple partiton server
Protocol error when connecting to remote server using term service
KIX scripting
Stop Codes 0x000000DB? becasue of my ignorance
How do I "Undo" extension of a volume