Windows Security. Allow user access only to subfolder and not root


  1. gacuxz
    Posts : 2
    Windows 10
       New #1

    Windows Security. Allow user access only to subfolder and not root


    I've tried to search about this there and here, but hadn't found a solution.

    SITUATION
    I have a following folders structure:
    root
    ----|A
    ----|B
    --------|B1
    --------|B2
    ----|C
    I need to give permission for user to access only folder B2 and deny access to any root folders. I want to lock user inside this folder.

    WORKAROUND
    After reading this, I almost achieved it doing these two steps:
    1. I gave the only "Traverse Folder/Execute File" permission for desired user to root folder and forced this permission to all subfolders.
    2. I disabled inheritance for folder B2 and gave "Full control" permission for desired user.

    In this way user can't access root folder's content, but can access B2 folder directly through direct link or shortcut.

    PROBLEM
    The problem is that user can get one directory "up" from his folder and see root folder B with subfolder B1 along with B2. He can even go inside B1 directory and see all files inside. Although he can't access main root folder root - Windows shows "Access denied" error. Windows Security was always very messy but now I'm out of ideas.
      My Computer
    Quote Quote

  3. TairikuOkami
    Posts : 5,452
    Windows 11 Home
       New #2

    First Disable inheritance on B2 and setup your permissions for the user.

    Then go to Root, Disable inheritance from the parent and remove or deny that user's access.

    Enable or Disable Inherited Permissions for Objects in Windows User Accounts Tutorials
    Attached Thumbnails Attached Thumbnails Windows Security. Allow user access only to subfolder and not root-capture_10022017_202801.jpg  
    Last edited by Brink; 02 Oct 2017 at 13:39. Reason: added tutorial link for more info
      My Computer
    Quote Quote

  4. gacuxz
    Posts : 2
    Windows 10
    Thread Starter
       New #3

    Thank you, TairikuOkami.

    PROBLEM
    It works in your case, but at the time I didn't realize that my folders are CIFS shares in NAS (Network Access Storage). NAS has UNIX-like OS so looks like the file system and security descriptors are entirely different from Windows. And in my case with your solution user can't access subfolder B2 directly - I get Access is denied.

    WORKAROUND
    I can achieve your result in my case with "Traverse Folder/Execute File" security option for root and all subfolders enabled, as I described in my first post. But in this case user can't access only root folder's contents. All other subfolders in different level can be accessed. It's interesting, that user still can access the B folder even if I disable inheritance of B and entirely remove user from the list.

    CONCLUSION
    NAS and Windows Security systems between themselves do not work properly. At this point I'm curious how they managed this to work at all... :)
      My Computer
    Quote Quote

 

  Related Discussions
Outlook 2013 stores the .PST file for POP3 accounts in the C:\Documents\Outlook Files folder making it very convent to back up email, calendars, contact and rules. Unfortunately .OST files for any IMAP account(s) are stored in another folder...
Could someone explain the purpose of all the accounts listed under the Advanced button of the User, Group or Built-In Security Principal search-box that appears when you click the Change link under Advanced Security Settings (Properties > Security >...
Still Cannot Access Root Drive ( C:\ )
in User Accounts and Family Safety

I need to copy a file into my Windows 10 root drive (C:\). I cannot and get Error 0x80070522. - Found a tool which I really don't want to use since it is for folders and sub-folders. - Turned off User Account Control setting is set to the lowest....
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

 © Designer Media Ltd
All times are GMT -5. The time now is 05:26.
Find Us




Windows 10 Forums