Set NTFS permissions so that a file can be read, but no browsing of the directory

ntfs windows-server-2008-r2

OK folks, I don't think this is possible, but:

Got a client who needs to allow domain users to read files in a directory.

The catch is, he does NOT want them to BROWSE the directory.

Basically, they know a filename and a location, so they can open it directly (assume they will be pasting the entire path\filename into the File / Open dialog).

Is there any way to do this?

Additionally, they should not be able to see directory structure although this might be OK.

My feeling is to put all these files behind an application front-end, give permissions to the (web) app, and remove all direct domain user access to the files. Utilize app security.

Other method suggestions are welcome.
I do not have full details of the application arch, but since it is all file based, I feel that a front-end needs to be written to handle this. (Note that I'm an application guy, not an admin. I only play an admin on TV... I do know enough admin stuff to be extraordinarily dangerous, so no need to be TOO simplistic.)

Best Answer

This should be fairly easy. Enable ABE (access based enumeration) on the share and make sure that you set the NTFS permissions correctly on the files and folders within the share.

http://technet.microsoft.com/en-us/library/dd772681(WS.10).aspx

Alternately, the Bypass traverse checking user right grants the Everyone group (by default) the ability to traverse folders that they don't have NTFS permissions on in order to get to files that they do have NTFS permissions on. Here's what to do:

  1. Grant the Everyone group Change and Read permissions on the Share.

  2. Set the appropriate NTFS permissions on the folders and files within the share.

A user may then access the files directly via

\\servername\sharename\foldername\filename

As long as you have the Share and NTFS permissions set correctly the users will be able to access the appropriate files without being able to browse the contents of the share.
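
One way to carry out the two steps in the answer above with `net share` and `icacls`, as an added example that is not part of the original answer. The folder path, share name and `CONTOSO` domain are constructed placeholders, and it assumes the share does not exist yet and that Bypass traverse checking is still at its default.

```powershell
# Added example. Placeholders (assumptions): D:\Shares\Drop, Drop, CONTOSO.
$Folder = 'D:\Shares\Drop'
$Share  = 'Drop'
$Group  = 'CONTOSO\Domain Users'

# Step 1: share permission. CHANGE already includes READ.
net share "$Share=$Folder" '/GRANT:Everyone,CHANGE'

# Step 2: NTFS permissions.
# Make administrative access explicit first, then remove inherited ACEs.
# An inherited read ACE for BUILTIN\Users (which contains Domain Users)
# would otherwise still allow the folder to be listed.
icacls $Folder /grant 'BUILTIN\Administrators:(OI)(CI)F' 'NT AUTHORITY\SYSTEM:(OI)(CI)F'
icacls $Folder /inheritance:r

# (OI)(IO) = inherited by files only, not applied to the folder itself.
# The group gets Read & Execute on each file but no "List folder" right on
# the folder, so a full path opens while a directory listing is denied.
icacls $Folder /grant "${Group}:(OI)(IO)RX"

# Audit: show every Allow ACE that applies to the folder itself and includes
# "List folder". Any non-administrative identity listed here can still browse.
$listRight   = [System.Security.AccessControl.FileSystemRights]::ListDirectory
$inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly
(Get-Acl -Path $Folder).Access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    -not ($_.PropagationFlags -band $inheritOnly) -and
    ($_.FileSystemRights -band $listRight)
} | Select-Object IdentityReference, FileSystemRights, IsInherited
```

The audit matches identities literally, so also look for broad groups such as Everyone, Authenticated Users or BUILTIN\Users in its output, since domain users are members of those.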
