Security policy: deny list any not allowed folders

  • Thread starter Thread starter OKZ
  • Start date Start date
O

OKZ

Hi,
By our security policy a user should be denied to see the
folders - under shared folder on our file server - which
he/she has not any allowed access on. Typically it
necessaries at project folders. We collected our project
folders under a shared folder. The Hungarian Laws forbid
that any unauthorized persons see the project's name (we
named these folders by project's name).
Could anyone help me in this thing? How should I set the
access rights?
As I know in Novell it works somehow. I do not know
Novell, only I heard it.
Thanks.
 
Doesn't work in Windows, unfortunately. And some might argue that it's
pointless from a security standpoint to hide something from view that can't
be accessed, regardless.

If you search the archives, there have been a number of related discussions
on this topic in the past. And folks go one of two ways:

1) Create all shares hidden, so that folks require the direct path to access
anything
2) Find third-party software to do this
3) Set your ACLs properly, and deal

In your situation, number 3 is probably not an option, so look into 1 or 2.

And just out of curiosity, do you have that law in writing, perhaps on-line.
I'd very much like to cite that for training purposes. While it may have
made sense at some point (all of Hungary using Windows 98 or something),
it's really entirely pointless.
 
As Keith says, Windows doesn't allow this.

The only method I can think of is to create a dummy folder with the correct
permissions and then put the folder with the project's name on it within the
folder. So, you might end up with a file called s:\project 1234\top secret
project name\top secret file.doc

As far as access rights are concerned, as with Netware you probably want to
start by granting users no permissions at all and then add the permissions
they need (rather than using an explicit deny). That means that it's a good
idea to remove the "Everyone: Full Control" default from the root of your
share and setting something more appropriate. That way, permissions don't
get forgotten about and left with the "everyone: full control" default.

Hope this helps

Oli
 
Back
Top