Dynamic Access Control - User access

Dear Forum,

I am still having a few user access issues with configuring Dynamic Access Control in our lab environment and hoped to find my answer here, as there is almost nothing to find elsewhere.
Example folder structure.
Level 1 directories:
Sales
Finance
Planning

Level 2 directories (Planning):
Party
Rental
Comptetition

Issues:
- Users keep seeing folder to which they do not have access to, even though access based enumeration has been activated.
- Users access keeps being blocked if I have not configured TraverseFolder + List Folder permissions on level 1 directories, while the user has modify permissions on level 2 directories.

What I want:
- On both level 1 and level 2 there are multiple directories.
- I want to give user A permissions to a level 2 directory called "Party".
- I do not want user A to be able to see, nor directly access any other directories or files on level 1 or level 2 other then the "Party" directory and its contents.

How can I accomplish this?

With kind regards,

Bob Lauteslager

July 23rd, 2015 6:31am
If it is the only folder you are planning to delegate Y not try the home folder option in AD. You can also try mapping the folder to the user.
Free Windows Admin Tool Kit Click here and download it now
July 23rd, 2015 6:59am

Dear Eric,

Thank you for the reply.

In this case it is just an example which includes just one directory from level 2, but more often then not a user requires access to a few level 2 directories, which reside in different level 1 directories.

Also think of it that the level of the directories reside on are not allowed to be changed.

Hopefully I have clearified things a bit more.

With kind regards,

Bob Lauteslager

July 23rd, 2015 7:09am

Hi Bob Lauteslager,

Based on my knowledge, you could use ABE to hide the other folder that without permission. Grant Read permissions on the parent folder -only. Configure ABE on the share. Then grant permissions to only the individual child folders to the users/groups in question. This will allow users to view only the parent folder and the specific child files/folders that they have rights to.

http://community.spiceworks.com/how_to/45158-configure-access-based-enumeration-server2012

Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

Hope it would be helpful. And if you have any problem related to the thread, please feel free to contact us.

Best Regards,

Mary Dong

Free Windows Admin Tool Kit Click here and download it now
July 24th, 2015 2:31am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics