Having run a Netware server at our company for 20 years we are now changing to Windows Server 2008 Standard. It is a bit of a struggle to understand the Share / NTFS permissions thing but I think I am getting a handle on it. What I can't figure out is this: How do I keep users who don't have permissions to certain folders from even seeing those folders on our server? When they get a directory it should only show the folders they can actually access. My structure is simple. I have several groups and each group is given appropriate access to whatever folders at the root they need access to. Then I have users assigned to those groups. This works fine. The different users can only get into the folders they should be able to. But they can see the other folders. I have the Users group assigned Full access to the root volume. I found if I didn't do that then they can't access the volume at all even if they had some kind of permissions on a folder within the volume. I removed Users from each of the root folder permissions, turned off inheritance, and added my individual groups to each root folder. Also, only the root volume has Sharing on. Please correct my configuration or describe the best way to set this up. Regards, Jim

What I can't figure out is this: How do I keep users who don't have permissions to certain folders from even seeing those folders on our server? When they get a directory it should only show the folders they can actually access.Hello Jiim,By default users will see all shares/folders eventhough they don't have the proper permissions to access it.To keep users from users from seeing folders that there aren't supposed to see, you will use Access Based Enumeration (ABE). You can enable it by opening the Share and Storage Management MMC to view your list of shares, open the properties for the target share, click Advanced and add the tick to Enable access-based enumeration.Isaac Oben MCITP:EA, MCSE

Hi, As Isaac explained, Access-based Enumeration is our solution. Please refer to the following article to configure Windows Server 2008. How to enable Access-based Enumeration for a Distributed File System (DFS) share in Windows Server 2008 http://support.microsoft.com/kb/961658 Please also refer to the following articles to get more information about NTFS: Best Practices for Securing Files with NTFS Permissions http://technet.microsoft.com/en-us/library/cc782737(WS.10).aspx Share and NTFS Permissions on a File Server http://technet.microsoft.com/en-us/library/cc754178.aspx Thanks.This posting is provided "AS IS" with no warranties, and confers no rights.

Thanks for the great, simple, answer. That did the trick. I knew it would be something simple, if not that obvious. Jim

I can't tag an answer. Would anybody be so kind as to do ? ShemsInformation is the most valuable commodity I know off.