Windows Share Permissions Allow Folder Traversal

2009-09-22 Initial Post

Tested with Windows Server 2003 SP2 and Windows XP Professional SP3.

An account that has Read permission to a share, but no permissions at all to the shared folder itself, can still traverse the shared folder to reach a subfolder for which it does have permission.

Example: You have a folder named F:\Users and share it as \\Server-1\Users. You give AD\Domain Users Read permission to the Users share, but no permissions at all to the F:\Users folder. The subfolders of F:\Users are the users' home folders, so all users have Modify permission to their respective subfolders only.

The user AD\JSmith can map to \\Server-1\Users\JSmith and will be able to access that path, but cannot map directly to \\Server-1\Users, since he has no permission to F:\Users. He is able to traverse the shared folder F:\Users because he has Read permission to the share \\Server-1\Users.
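To see where this behavior applies on a server, the following audit script (an added example, not part of the original post) lists first-level subfolders of a share that carry explicit Allow entries for principals with no Allow entry on the shared folder itself. It assumes a Windows version with the SmbShare module (Windows 8 / Server 2012 or later, newer than the systems tested above) and uses the share name `Users` from the example; principals are compared by name only, so access granted through group membership is not resolved.

```powershell
# Added example: audit one share for subfolders that are reachable by
# principals who have no Allow entry on the shared folder itself.
# Assumption: SmbShare module is available (Windows 8 / Server 2012+).
param(
    [string]$ShareName = 'Users'   # share name from the page's example
)

$share = Get-SmbShare -Name $ShareName -ErrorAction Stop
$root  = $share.Path               # e.g. F:\Users in the page's example

# Share-level grants: anyone listed here can connect to the share and
# attempt to open a path beneath it.
Get-SmbShareAccess -Name $ShareName |
    Where-Object AccessControlType -eq 'Allow' |
    Format-Table AccountName, AccessRight -AutoSize

# Principals with an Allow ACE on the shared folder (the share root).
$rootAllow = (Get-Acl -LiteralPath $root).Access |
    Where-Object AccessControlType -eq 'Allow' |
    ForEach-Object { $_.IdentityReference.Value }

# For each first-level subfolder, report explicit (non-inherited) Allow
# ACEs whose principal does not appear on the root ACL by name.
# Limitation: group membership is not expanded.
Get-ChildItem -LiteralPath $root -Directory -Force | ForEach-Object {
    $sub = $_
    (Get-Acl -LiteralPath $sub.FullName).Access |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            -not $_.IsInherited -and
            $rootAllow -notcontains $_.IdentityReference.Value
        } |
        ForEach-Object {
            [pscustomobject]@{
                Principal = $_.IdentityReference.Value
                Rights    = $_.FileSystemRights
                Subfolder = $sub.FullName
                UncPath   = "\\$env:COMPUTERNAME\$ShareName\$($sub.Name)"
            }
        }
} | Format-Table -AutoSize
```

Each row is a path a user can open directly by UNC name even though browsing the share root is denied, so review the rows against who is meant to reach each subfolder.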
