NDS vs NTFS File Scan (F) Capabilities

Discussion in 'Windows Server' started by Dave Roberts, Mar 21, 2005.

  1. Dave Roberts

    Dave Roberts Guest

    Article ID : 303758
    Last Review : September 30, 2003

    Novell NetWare administrators can configure permissions so that users cannot
    see files or folders in the file system for which the users do not have Read
    access by removing the File Scan (F) permission. This type of access control
    is not supported by the NTFS file system. There are currently no plans to
    include this functionality in Windows.

    My Current Problem and Question:

    Currently we are in progress of Migrating from Novell 6.0 to Server 2003. We
    have 8 Sites (thus 8 Servers) and each server has its own office and
    geographical area.

    Here are my current shares for all users

    H:=\\Headquarters-dc\Headquarters
    I:\\District1-dc\district_1
    J:\\District5-dc\district_5
    K:\\District6-dc\district_6
    L:=\\ jccl-dc\Lewiston
    M:=\\fiscal-dc\Fiscal
    N:=\\jccn-dc\Nampa
    S:=\\jccs-dc\St_Anthony

    the above shares are in a global script (in NDS) so that all users map
    identically, then with Novell's file permissions we can control what is seen
    and not seen and if a user has no permissions to any folders or files on that
    server they get a blank directory structure in that share.

    As you can see from the summarized Microsoft Article #303758 from approx
    2years ago that NTFS would never be as superior as novell in File and Folder
    permissions functionality...

    I cannot have unauthorized users accessing for example the Human Resources
    directory on our Headquarters Drive... but they still have to have access to
    the Policies and Forms Directories on that same drive. We do not wish to
    reorganize our data layout or change our method of sharing out data (One
    drive Letter = one server).

    I would like to know if this is still the case on the NTFS Functionality are
    there any future changes coming and if so what kind of timeline are we
    looking at?
    Or Am I stuck looking at reorganizing the way we share out data?
    Even 3rd party software that will fill the missing gap from NDS to NTFS at
    this point would be great.

    Thank you in advance.
    Sincerely
    Dave
     
    Dave Roberts, Mar 21, 2005
    #1
    1. Advertisements

  2. I think the capability being referenced is such that you can prevent the
    ability to see a folder entirely, not just the ability to read it.
    That is, take this example: \\server\users
    In users we have two folders: Eric and Jane. You want Eric to see only his
    folder, and not see Jane's. Before today, you could always prevent Eric from
    reading anything within Jane's folder. But if Eric has the ability to read
    the users folder (which he probably does, to get to his own) he would see
    the existance of the Jane folder.
    I think you want to remove the ability to even see the Jane folder is
    present.

    Is this correct?

    If so, this has been added in Windows Server 2003 SP1 (due out soon). If you
    want to test it immediately, go ahead and download the server 2003 SP1
    release candidate (the "final beta build" if you will) and try it. It is
    documented in the SP1 docs as well.

    ~Eric
     
    Eric Fleischman [MSFT], Mar 23, 2005
    #2
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.