Windows 10: Windows Security. Allow user access only to subfolder and not root Solved

  1.    02 Oct 2017 #1

    Windows Security. Allow user access only to subfolder and not root

    I've tried to search about this there and here, but hadn't found a solution.

    I have a following folders structure:
    I need to give permission for user to access only folder B2 and deny access to any root folders. I want to lock user inside this folder.

    After reading this, I almost achieved it doing these two steps:
    1. I gave the only "Traverse Folder/Execute File" permission for desired user to root folder and forced this permission to all subfolders.
    2. I disabled inheritance for folder B2 and gave "Full control" permission for desired user.

    In this way user can't access root folder's content, but can access B2 folder directly through direct link or shortcut.

    The problem is that user can get one directory "up" from his folder and see root folder B with subfolder B1 along with B2. He can even go inside B1 directory and see all files inside. Although he can't access main root folder root - Windows shows "Access denied" error. Windows Security was always very messy but now I'm out of ideas.
      My ComputerSystem Spec

  2. Posts : 3,297
    10.5 Home 1803 x64
       02 Oct 2017 #2

    First Disable inheritance on B2 and setup your permissions for the user.

    Then go to Root, Disable inheritance from the parent and remove or deny that user's access.

    Enable or Disable Inherited Permissions for Objects in Windows User Accounts Tutorials
    Attached Thumbnails Attached Thumbnails capture_10022017_202801.jpg  
    Last edited by Brink; 02 Oct 2017 at 13:39. Reason: added tutorial link for more info
      My ComputerSystem Spec

  3.    05 Oct 2017 #3

    Thank you, TairikuOkami.

    It works in your case, but at the time I didn't realize that my folders are CIFS shares in NAS (Network Access Storage). NAS has UNIX-like OS so looks like the file system and security descriptors are entirely different from Windows. And in my case with your solution user can't access subfolder B2 directly - I get Access is denied.

    I can achieve your result in my case with "Traverse Folder/Execute File" security option for root and all subfolders enabled, as I described in my first post. But in this case user can't access only root folder's contents. All other subfolders in different level can be accessed. It's interesting, that user still can access the B folder even if I disable inheritance of B and entirely remove user from the list.

    NAS and Windows Security systems between themselves do not work properly. At this point I'm curious how they managed this to work at all... :)
      My ComputerSystem Spec


Related Threads
Is a standard user account really necessary for tight security for the home user or will a well secured administrator account be sufficient?
Outlook 2013 stores the .PST file for POP3 accounts in the C:\Documents\Outlook Files folder making it very convent to back up email, calendars, contact and rules. Unfortunately .OST files for any IMAP account(s) are stored in another folder...
Still Cannot Access Root Drive ( C:\ ) in User Accounts and Family Safety
I need to copy a file into my Windows 10 root drive (C:\). I cannot and get Error 0x80070522. - Found a tool which I really don't want to use since it is for folders and sub-folders. - Turned off User Account Control setting is set to the lowest....
So having been bit by the "upgrade fails" bug because \users is a junction point to the root of a different drive , I decided to try to move users back to C:\Users until after the upgrade and I'd then move it back. Don't ask. I do it because...
Allow write access to C:/ root in User Accounts and Family Safety
Even though I am administrator on my PC, I do not have write access to C:/. (Win 10 Pro) Has anyone else had this problem, or does anyone know of a fix? Thanks
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd
All times are GMT -5. The time now is 03:41.
Find Us