Sign in with
Sign up | Sign in
Your question

Win2003 server - difference between login and my network p..

Last response: in Windows 2000/NT
Share
February 21, 2005 11:10:54 PM

Archived from groups: microsoft.public.win2000.advanced_server (More info?)

Hi,
I'm trying to set up a windows 2003 server to replace an old Novell 3.2
server. I have a folder called "private" and each user has a folder in this
"private" folder. This top level folder, "private" is set for sharing with
only admins able to see and modify. The folder has "traverse" set on so that
users can drill through the top level and get to their folder.
When the user logs in, drives are mapped ok and the user cannot see anything
they shouldn't. Specifically, they can only see there own "home" folder, as
P:\username - they cannot see or browse to any other users private folder
via the mapped drive.
The problem is, they can use My Network Places to browse to the home folder
and see all the other users folders and contents.
My question is - Have I done something fundamentally wrong in the setup OR
do I need to disable "My Network Places". If I need to disable "My Network
Places" can I do that on the windows 2003 server rather than on the clients
PC?

Many thanks
Anonymous
February 22, 2005 11:46:31 AM

Archived from groups: microsoft.public.win2000.advanced_server (More info?)

On Mon, 21 Feb 2005 20:10:54 GMT, "Confused" <confused@nowhere.com> wrote:

>Hi,
>I'm trying to set up a windows 2003 server to replace an old Novell 3.2
>server. I have a folder called "private" and each user has a folder in this
>"private" folder. This top level folder, "private" is set for sharing with
>only admins able to see and modify. The folder has "traverse" set on so that
>users can drill through the top level and get to their folder.
>When the user logs in, drives are mapped ok and the user cannot see anything
>they shouldn't. Specifically, they can only see there own "home" folder, as
>P:\username - they cannot see or browse to any other users private folder
>via the mapped drive.
>The problem is, they can use My Network Places to browse to the home folder
>and see all the other users folders and contents.
>My question is - Have I done something fundamentally wrong in the setup OR
>do I need to disable "My Network Places". If I need to disable "My Network
>Places" can I do that on the windows 2003 server rather than on the clients
>PC?
>
>Many thanks
>
You have granted the users NTFS read access to the other users folders. You may even have granted more than read.
The NTFS permissions on Private should be Administrator and System, Full and Authenticated Users Traverse.

User folders can inherit they or not (your choice). User folders should
be User Change (or full) Administrator and System Full.

The above will allow all users to see the top folder name of other users, but no content.
To prevent that, use Cloak (http://www.jsiinc.com/catalog/ScriptLogic.htm)


Jerold Schulman
Windows Server MVP
JSI, Inc.
http://www.jsiinc.com
!