This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(89.60000000000001, 77%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EHY%3C/text%3E%3C/svg%3E)
Hi Guys,
I am currently have a file server that running Windows Server 2016 Storage Server.
I have a folder that being setup as below:
Sharing_Folder
Sub_Folder1
Many_Sub_Folders2
I have shared the "Sharing_Folder" for "Everyone" with read only access. so any user could map the "Sharing Folder". Then, once users are mapped with "Sharing_Folder", they should be able to see and traverse from Sharing_folder into the "Sub_Folder1" folders as well (also read only access). These permission are inherited from "Sharing_Folder" as well. But, when come into "Many_Sub_Folder2", i would like that users that being granted access to any specific folders to see only the folder that they have access to. Meaning that though there are many "Many_Sub_Folder2", user can only see the folders that they have access to.
Currently, i tried to disable inheritance and given access to only specific users, but "Everyone" is still able to see those Sub_Folders2 even though they don't have access to.
Could you help to advise whether it is possible to achieve this scenario?
Thanks
H
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 96%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EFF%3C/text%3E%3C/svg%3E)
Hi,@hendri yu
Hi,
Just checking in to see if the information provided was helpful.
If the reply helped you, please remember to accept it as an answer.
If no, please reply and tell us the current situation in order to provide further help
Best Regards,
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(288, 91%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECM%3C/text%3E%3C/svg%3E)
These instructions are the "End All" and correct process for doing this.
Pre-Req: Enable access-based enumeration.
Secondly: Create Active Directory Group
Assign permission to Sub_Folder1 exclusively.
Now properly share it so Enumeration occurs dynamically.
Confirm
That's it!
Hi,
This is what i did in my environment.
Disable the inheritance, and assign the permission on the files and folders within the shared folder depends on your requirement.
Best Regards,
Hi,
Based on my understanding , you want to display only the files and folders that a user has permissions to access.
Access-based enumeration can be used to do this.
Windows Explorer enables access-based enumeration on shared folders by default
However, access-based enumeration is not enabled by default (can be enabled by using Share and Storage Management)on the following types of shared folders:
Shared folders that are created with Share and Storage Management, Advanced Sharing in Windows Explorer, or the net share command
Volumes
Folders or volumes that are shared for administrative purposes, such as C$ and ADMIN$
For more details and steps to do this you can refer to :
Access-based Enumeration
My test :
I created a folder and shared this folder by following way,(not advanced sharing)
There are 2 folders in the shared folder 1 and 2.
User MM1 only have read permission on folder 1 , then Windows Explorer displays only folder 1 as following
Hi,
Just checking in to see if the information provided was helpful.
Please let us know if you would like further assistance.
Best Regards,
Dear Fan Fan,
Good Day
Sorry for the late response.
Yes, you are correct. I would like to know how to display only the folders that users has the access to. meaning that specific user will only see specific folder which he/she has access. He/she should not see the rest of the folders though they are there.
Could you help to advise how to achieve this?
Your help and advise is greatly appreciated.
Many Thanks
H
Hi,
To achieve your goal, we need to enable the ABE,
For more information , please refer to :
https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd772681(v=ws.10)?redirectedfrom=MSDN
You can use User Groups and assign different folders different permissions assigned to different user groups. Users in a specific User Group would have the permissions to access those directories which allow that User Group access.
Hi Timcerling,
Actually, what i want to achieve is pretty simple. I want users can only see the folders that they has access to. Meaning, though there are multiple subfolders, but they could only see the folder that they have access to. They should know the existence of others folder.
However, whatever permission i tried, users still able to see all folders even though the could not access it. But i don't want them to see it.
Please help to advise how to achieve this.
Thanks
H
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(25.6, 28.000000000000004%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKF%3C/text%3E%3C/svg%3E)
Hey, H
When you give access to a parent folder, the children folder of that parent are also given access to. If you want to limit the access to subfolders, you will need to revoke access from the parent folder and give only access to the subfolders. Or, remove the subfolder from the parent so it is no longer a subfolder and give access to the new file path.
-Karson