I have an odd folder permissions problem that is just beating me up and I can't figure out how to solve the puzzle.
Let me explain what I am trying to do and then let you know what I have done and failed. What I am trying to do is have everyone map a drive that is a shared folder (of course) on a server. BUT, I do not want anyone (except admins of course) to be able to double click on the drive letter and open it up. However, I do want them able to read/write (modify) within sub-folders of that share. So basically:
G: is a mapped drive of \\Server1\Docs
G:\ ---> Appears in "My Computer" but user is unable to open it up. (getting an "Access Denied" dialog box is just fine here)
G:\Subfolder1 ---> User has modify rights (and can even open it by run: G:\Subfolder1 would be fine)
G:\Subfolder1\Sublevel2 ---> Modify.
I don't care if they type in the run box "G:\Subfolder1" and are able to open that folder and view files. They wont know that folder is there because they cant open G:\ and see the sub-folders. Basically I have a program that needs to read and write from/to sub-folders off the G drive but I don't want users to get in and accidentally delete something by being nosy. (or seeing possibly sensitive data within the files)
Here's what I have tried and failed:
1) Deny "List Folder Contents" permission on the Directory of the share (\\Server1\Docs). This works perfectly except for one thing. What it does right is it blocks people from being able to open G: from "My Computer", and does allow the program to see the sub folders, which is what I want. However, No one can Write/Delete within the sub folders, presumably because Windows needs to be able to "see" the root for some reason. I say that because when I remove the deny list permission on the root folder they are then able to write in sub folders.
2)Deny Traverse Folder permission on \\Server1\Docs directory. This didn't seem to do anything as I was still able to open up the G drive and traverse haphazardly willy-nilly, frolicking through the folders.
3)Deny Traverse Folder Permission on Subfolder1. User was not able to open folder, but was also not able to open any sub folders under it or write/read anything.
Basically, what I have to do right now so that they can use the program is allow read access to the root and then add modify permission specifically to any sub-folders they needs access to. Unfortunately this allows them to double click on the G: drive and frolic throughout the G: drive.
Any Ideas? (and unfortunately I can not change the software they are using that requires this kind of access.)