Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Changing folders within a drive into drives in their own right

windoes server 2012 active di

  • Please log in to reply

#1
noobsaibot21

noobsaibot21

    Member

  • Member
  • PipPipPip
  • 109 posts

Hi Geeks,

 

Having a complete brain fart and cant remember if the following is even possible. Just started a new tech job and need to tidy up after the last IT guy (who set things up and didn't document *anything*). Can anyone advise me of how I can change folders in a drive into drives themselves? For example, imagine the following folder stricture...

 

H: Filestore > Company 1 folder > *files&folders*

H: Filestore > Company 2 folder > *files&folders*

H: Filestore > Company 3 folder > *files&folders*

H: Filestore > Company 4 folder > *files&folders*

 

Etc,,,

 

Anyway, at the moment, every user in every company can see the other company's folder.  They dont have access to them aside from their company folder (and that's the way it should be) however, is there any (easy/straightforward) way I can hide references to the other company folders on the H: drive? Or better yet, is there any way I can set it so for example, if a user in company 1 clicks on H:, they go straight in to the Company 1 folder? And obviously the same for users based on their company? Again, permissions set are all fine and I can deny the ability for users to map drives - just want to hide references to other companies.

 

This is on a Windows 8 environment (metro, urgh) with Active Directory.... 2012 I presume (forgot to check). Any help would be greatly appreciated.

 

Many thanks

Noobsaibot21


  • 0

Advertisements


#2
dsenette

dsenette

    Je suis Napoléon!

  • Community Leader
  • 26,047 posts
  • MVP

what your users see,  of course is completely controlled by how they're connected to these "drives" and their permissions.

 

what I imagine you're describing from the server side is a server with one or more volumes mounted as various local drive letters. I'm assuming that on the server the drive letter is actually H:...doesn't have to be, but that's my assumption. within that volume/hard drive you've got a folder called.....something, and that folder has other folders inside of it with the company names.  I'm guessing the root folder (named something) is what is shared, and then individual permissions are assigned to the company folders inside of that folder

 

on the client side, I'm imagining all the users are mapped to that shared folder inside of the root of the drive.

 

one method would be to map the drives at the client directly to the company folder (i.e. for company 1 map the drive to \\fileserver\H:\company1 instead of \\filesever\H:\). then in explorer the users will just see their company folder opened when they click on the mapped drive letter....of course, a savvy user could always press the directory up button and still get to the root of the share and see the other folders. still couldn't get into them assuming the permissions are right, but they couldn't see them from the default view.

 

another method would be to move each company folder into their own root folder (or even to the root of the volume/drive itself) and share each company folder directly instead of sharing the root folder that contains them (you should never be sharing the root of the volume to users, and if a folder inside of the root, contains folders that you want to granularly assign sharing permissions to, you shouldn't share that root either...which is what your predecessor did). assign the proper permissions on these folders to restrict access, and then of course, for each company, map them locally accordingly.  in this scenario, since each company's individual folder is the root of the share that they have permission to (they don't have permissions to the root container of the shared folders, and they don't have permissions to each other's company folders) even if they press the directory up button, they won't be able to see the other company folders

 

you'll also probably want to check out access based enumberation http://technet.micro...1(v=ws.10).aspx . basically means any user that doesn't have read rights to a shared folder, can't even see the folder. the advantage here is that if you need to create more granular permissions in the folders contained within the company folders that would obscure data, while still maintaining a single mapped drive structure. like, if company1 folder has a folder inside called "performance reviews" and you only want H.R. staff to see/get into that folder, you just deny everyone but H.R. read permissions and no one else in company1 will even know that folder exists.


  • 0

#3
noobsaibot21

noobsaibot21

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 109 posts

Cheers dsenette,

 

I have managed to do the first two paragraphs as you explained above (more familiar with batch scripts personally but the head honcho understandably wants me to use AD as visibly as possible). I hadn't considered the directory up button though - Access based enumberation is what I was looking for :)

 

It's still a little messy though much better - Will try to convince the boss to properly create separate drives rather than drive the folders.

 

Cheers, you can mark this as closed for now :)


  • 0

#4
dsenette

dsenette

    Je suis Napoléon!

  • Community Leader
  • 26,047 posts
  • MVP

with the access based enumeration you don't have to move anything from where it is assuming the permissions are correct


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP