Sign in with
Sign up | Sign in
Your question

NTFS Permissions to Hide Files or Folders

Last response: in Windows 2000/NT
Share
June 7, 2004 7:08:15 AM

Archived from groups: microsoft.public.win2000.file_system (More info?)

How do I,
Configure NTFS Permissions to Hide Files or Folders from
Unauthorized Users

Novell NetWare administrators can configure permissions so
that users cannot see files or folders in the file system
for which the users do not have Read access by removing
the File Scan (F) permission. Is this type of access
control in the NTFS file system. Therefore, users can view
the contents of any folder for which the user has the List
permission. Removing the List permission for the folder
prevents the user from gaining access to any file in the
folder, and what is needed is the old ability to give a
list, or view yes/no for a user group, maybe in the gpo,
a .adm file, or ntfs acl lists?

Please help
CTH
herndon@tagesspiegel.de
June 10, 2004 1:08:56 AM

Archived from groups: microsoft.public.win2000.file_system (More info?)

there is no equivalent in NTFS; you can only deny them access to view the
contents, not the mere existence. That's unique to NetWare.


"> How do I,
> Configure NTFS Permissions to Hide Files or Folders from
> Unauthorized Users
>
> Novell NetWare administrators can configure permissions so
> that users cannot see files or folders in the file system
> for which the users do not have Read access by removing
> the File Scan (F) permission. Is this type of access
> control in the NTFS file system.
December 30, 2004 4:28:13 PM

Archived from groups: microsoft.public.win2000.file_system (More info?)

There is a 3rd party product which will deliver the solution you're
looking for. It's called "Cloak" and you can get more information here
-> http://scriptlogic.com/cloak (you can even d/l an eval version and
try before you buy).

In my opinion, there are three primary reasons you'd want hide files &
folders in the Windows enterprise (excluding the fact that hiding
subfolders is part of all the other major NOS vendors, including
NetWare and Linux).

1) "out of sight - out of mind" adds a layer of security. Ever hear the
phrase 'curiosity killed the cat'? Some folks will certainly debate
this point, saying that showing someone the door to the safe doesn't
mean it is any easier to gain access to. Counter point being that if no
one knows the safe is there, no one will try to gain access in the
first place. And I guess that is why they sell wall safes and floor
safes for homes, right?

2) The 'streamlined user experience.' If you map drives (or use UNCs)
to get to departmental shares, don't you think a user is more
productive and less confused if they only see the 4 folders they have
access to rather than 30 folders (26 of which they can't access
anyway)?

3) More accurate file system auditing. If you audit your file system
access, hided file & folders will reduce the number of 'false
positives' in your security event log. Now you can actually pay
attention to the 'Object Access - Failure' events since they can't be
chalked up to accidental mouse clicks in Explorer.
January 4, 2005 5:49:03 AM

Archived from groups: microsoft.public.win2000.file_system (More info?)

Very interesting!
But how can I d/l?
I tried but didn't succeed to...

Thank you!

"Kilroy" wrote:

> There is a 3rd party product which will deliver the solution you're
> looking for. It's called "Cloak" and you can get more information here
> -> http://scriptlogic.com/cloak (you can even d/l an eval version and
> try before you buy).
>
> In my opinion, there are three primary reasons you'd want hide files &
> folders in the Windows enterprise (excluding the fact that hiding
> subfolders is part of all the other major NOS vendors, including
> NetWare and Linux).
>
> 1) "out of sight - out of mind" adds a layer of security. Ever hear the
> phrase 'curiosity killed the cat'? Some folks will certainly debate
> this point, saying that showing someone the door to the safe doesn't
> mean it is any easier to gain access to. Counter point being that if no
> one knows the safe is there, no one will try to gain access in the
> first place. And I guess that is why they sell wall safes and floor
> safes for homes, right?
>
> 2) The 'streamlined user experience.' If you map drives (or use UNCs)
> to get to departmental shares, don't you think a user is more
> productive and less confused if they only see the 4 folders they have
> access to rather than 30 folders (26 of which they can't access
> anyway)?
>
> 3) More accurate file system auditing. If you audit your file system
> access, hided file & folders will reduce the number of 'false
> positives' in your security event log. Now you can actually pay
> attention to the 'Object Access - Failure' events since they can't be
> chalked up to accidental mouse clicks in Explorer.
>
>
!