|T O P I C R E V I E W
||Posted - 06/09/2011 : 1:10:04 PM
I may have ask this before, but here goes.
AD 2003 server with the Apps folder shared to Everyone to get to main program data. Then sub folders for user data with Security set for just that user (administrator and System also).
Now we are setting up a remote VPN for remote company to access some shared files in the Common Folder (it is under the Apps). The remote users need access to Common and they also need access to main program data (which they access through TS)
If I add the remote site users to the top folder Apps and mark Deny, but then add to the Common and Main Data and Give Full Access, will the Deny over-ride the ones below?
|5 L A T E S T R E P L I E S (Newest First)
||Posted - 06/10/2011 : 02:54:21 AM
yes, this should work. And if you have ABE in place, they won't even see the folders they have no rights on.
||Posted - 06/09/2011 : 5:38:44 PM
OK, so if I do not Deny, will the "List" work that Hairtrigger mentioned. I don't care if they see the other folders, just no access into them.
||Posted - 06/09/2011 : 3:07:56 PM
> Deny always wins...
I'm with Evgenij on this one. An explicit allow wins over an inherited deny.
||Posted - 06/09/2011 : 2:33:42 PM
Deny always wins...
I think what you want to do is add the remote users with "list - this folder only" access at the top level Apps folder and then add the modify rights to the common and main data folders.
||Posted - 06/09/2011 : 1:40:23 PM
explicit permissions will override inherited ones.