1.    02 Oct 2017 #1
    Join Date : Oct 2017
    Posts : 2
    Windows 10

    Windows Security. Allow user access only to subfolder and not root


    I've tried to search about this there and here, but hadn't found a solution.

    SITUATION
    I have a following folders structure:
    root
    ----|A
    ----|B
    --------|B1
    --------|B2
    ----|C
    I need to give permission for user to access only folder B2 and deny access to any root folders. I want to lock user inside this folder.

    WORKAROUND
    After reading this, I almost achieved it doing these two steps:
    1. I gave the only "Traverse Folder/Execute File" permission for desired user to root folder and forced this permission to all subfolders.
    2. I disabled inheritance for folder B2 and gave "Full control" permission for desired user.

    In this way user can't access root folder's content, but can access B2 folder directly through direct link or shortcut.

    PROBLEM
    The problem is that user can get one directory "up" from his folder and see root folder B with subfolder B1 along with B2. He can even go inside B1 directory and see all files inside. Although he can't access main root folder root - Windows shows "Access denied" error. Windows Security was always very messy but now I'm out of ideas.
      My ComputerSystem Spec
  2.    02 Oct 2017 #2
    Join Date : Oct 2014
    Trnava
    Posts : 2,866
    Windows 10.4 Home 1709 x64

    First Disable inheritance on B2 and setup your permissions for the user.

    Then go to Root, Disable inheritance from the parent and remove or deny that user's access.

    Enable or Disable Inherited Permissions for Objects in Windows User Accounts Tutorials
    Attached Thumbnails Attached Thumbnails capture_10022017_202801.jpg  
    Last edited by Brink; 02 Oct 2017 at 13:39. Reason: added tutorial link for more info
      My ComputerSystem Spec
  3.    05 Oct 2017 #3
    Join Date : Oct 2017
    Posts : 2
    Windows 10
    Thread Starter

    Thank you, TairikuOkami.

    PROBLEM
    It works in your case, but at the time I didn't realize that my folders are CIFS shares in NAS (Network Access Storage). NAS has UNIX-like OS so looks like the file system and security descriptors are entirely different from Windows. And in my case with your solution user can't access subfolder B2 directly - I get Access is denied.

    WORKAROUND
    I can achieve your result in my case with "Traverse Folder/Execute File" security option for root and all subfolders enabled, as I described in my first post. But in this case user can't access only root folder's contents. All other subfolders in different level can be accessed. It's interesting, that user still can access the B folder even if I disable inheritance of B and entirely remove user from the list.

    CONCLUSION
    NAS and Windows Security systems between themselves do not work properly. At this point I'm curious how they managed this to work at all...
      My ComputerSystem Spec

 


Similar Threads
Thread Forum
Is a standard user account necessary for tight security and home user?
Is a standard user account really necessary for tight security for the home user or will a well secured administrator account be sufficient?
AntiVirus, Firewalls and System Security
Using MKLINK on Outlook 2013 data files in a User subfolder
Outlook 2013 stores the .PST file for POP3 accounts in the C:\Documents\Outlook Files folder making it very convent to back up email, calendars, contact and rules. Unfortunately .OST files for any IMAP account(s) are stored in another folder...
Software and Apps
Still Cannot Access Root Drive ( C:\ )
I need to copy a file into my Windows 10 root drive (C:\). I cannot and get Error 0x80070522. - Found a tool which I really don't want to use since it is for folders and sub-folders. - Turned off User Account Control setting is set to the lowest....
User Accounts and Family Safety
system disk root folder all access denied
So having been bit by the "upgrade fails" bug because \users is a junction point to the root of a different drive , I decided to try to move users back to C:\Users until after the upgrade and I'd then move it back. Don't ask. I do it because...
General Support
Allow write access to C:/ root
Even though I am administrator on my PC, I do not have write access to C:/. (Win 10 Pro) Has anyone else had this problem, or does anyone know of a fix? Thanks
User Accounts and Family Safety
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd
All times are GMT -5. The time now is 04:27.
Find Us
Twitter Facebook Google+ Ten Forums iOS App Ten Forums Android App



Windows 10 Forums